BreachExchange mailing list archives
Re: Columbia University (NY) has posted SSNs on line for 16months
From: "Casey, Troy # Atlanta" <Troy.Casey () McKesson com>
Date: Thu, 12 Jun 2008 11:33:32 -0400
"we have no evidence of wrongdoing" Apparently Columbia University does not consider an employee posting its students' social security numbers on the Internet to constitute "wrongdoing." Pretty lax practices by the University, considering this same thing basically happened just 14 months before this incident! At least the victims are afforded a heaping helping of the useless credit monitoring service. The University spokespeople seem to acknowledge no culpability on the University's part. We need some new legislation in this area. Desperately. And that's saying a lot coming from a libertarian like myself! Troy D. Casey -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Henry Brown Sent: Thursday, June 12, 2008 9:32 AM To: dataloss () attrition org Subject: [Dataloss] Columbia University (NY) has posted SSNs on line for 16months From the NY Sun http://tinyurl.com/5fnfxq Columbia Students Outraged By Online Privacy Breach By ANNA PHILLIPS, Special to the Sun June 12, 2008 Angry Columbia University students are demanding an investigation after it was discovered yesterday that 5,000 of their Social Security numbers had been searchable online for the last 16 months. Students received an e-mail message on Tuesday night from the vice president of student auxiliary and business services, Scott Wright, explaining that in February 2007, a student employee had posted a database of students' housing information, including this reporter's, on a Google-hosted Web site. "No financial data was included in the file in question, and we have no evidence of wrongdoing or identity theft," Mr. Wright said in the e-mail message. "We are very sorry for this occurrence." Columbia would not identify the student, saying only that the person had worked in the university's housing office. Administrators said they learned about the security breach June 3 when an alumna contacted the housing office. Google removed the Web site upon request. As a result of the security breach, Columbia is offering students a free two-year subscription to a credit monitoring service. Yesterday, students informed the school that the information of about 200 students was still searchable. A Columbia spokesman, Robert Hornsby, said Google had removed the file as of yesterday evening. Several students yesterday created an online petition and posted it to the main campus Web log, demanding that the university investigate the former employee and issue a report explaining how security will be increased. A similar leak occurred in April 2007, when the university noticed that three databases containing students' addresses and Social Security numbers were online. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Columbia University (NY) has posted SSNs on line for 16 months Henry Brown (Jun 12)
- Re: Columbia University (NY) has posted SSNs on line for 16months Casey, Troy # Atlanta (Jun 12)