BreachExchange mailing list archives
Re: Louisiana: SS numbers accessed
From: "Casey, Troy # Atlanta" <Troy.Casey () per-se com>
Date: Wed, 28 Mar 2007 08:45:42 -0400
"'These files were previously secure,' Aguillard said..." ..."previously" apparently meaning "before our web server was booted up". Obviously the site did not require a password before allowing a web session to 'violate' or 'infiltrate' the records containing the SSNs of the school employees. Which directives to use in HTML to turn away web crawlers has been well known to qualified webmasters for years, so that's no excuse either...not that the web crawler should have been able to access employee data without authenticating in the first place. Just another example of careless "stewardship" of people's private information? It goes beyond carelessness when you deliberately put private information on the Web and then don't protect it. This sort of blunder becomes more unforgiveable every day, but we have no law under which these willful privacy violations can be prosecuted - until someone's already been harmed. I'm too discouraged to even rant on about this stuff anymore. Our country does not take privacy seriously and apparently has no will to do so in the future either. -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of lyger Sent: Tuesday, March 27, 2007 5:57 PM To: dataloss () attrition org Subject: [Dataloss] Louisiana: SS numbers accessed http://www.iberianet.com/articles/2007/03/27/news/news/news15.txt Rosters containing information, including Social Security numbers, of about 380 St. Mary Parish public school employees were accessed March 19 by a Yahoo! Web page search engine crawler. St. Mary Parish schools Superintendent Donald Aguillard said the crawler violated the school district Web page by accessing a database that stored 2002 through 2004 staff development rosters. "These files were previously secure," Aguillard said. "Yahoo!'s new aggressive Web crawler infiltrated the public server and our technology department responded immediately to the breach in security by addressing the following: Contacting Yahoo! and demanding that our information be stricken from cached files, notified all workshop participants of the possibility that their personal information was revealed, while also contacting the Web page archiving services and demanding the removal of our cached pages." [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 158 million compromised records in 605 incidents over 7 years. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 158 million compromised records in 609 incidents over 7 years.
Current thread:
- Louisiana: SS numbers accessed lyger (Mar 27)
- Re: Louisiana: SS numbers accessed Casey, Troy # Atlanta (Mar 28)