BuckID Number Reclassified as S4 Institutional Data

The 16-digit number found on BuckID cards has been reclassified from S3 to S4 institutional data. This means that it is now considered restricted data and requires stricter safeguards due to its various applications, including functionality as a debit card number, potentially increasing the risk of identity theft and financial loss if compromised.

Note that this change does not apply to the staff or student nine-digit ID number, which is also printed on BuckID cards. This number remains at an S2 classification level.

As before, a repository of BuckID numbers continues to be classified as S4 data. Additionally, The Ohio State University Wexner Medical Center IDs are transitioning to BuckIDs. Those affected by this change should have already received additional information from the Ohio State Wexner Medical Center.

Institutional data is information that is created, collected, maintained, transmitted or recorded by or for the university to conduct university operations. Every type of institutional data can be classified into a security level (S-level), which links the data classification to the level of effort needed to protect that data. University data is split into four S-levels: S1 (public), S2 (internal), S3 (private), and S4 (restricted). More about institutional data and a calculator to quickly and easily determine what level of classification certain data falls into, and what that means for how you can use it, can be found on the Digital Security and Trust website.

To learn what you should do in the event you suspect your university identity or information has been tampered with or compromised, check out the incident reporting activity in the Cybersecurity for You (C4U) awareness platform.