BreachExchange mailing list archives
Re: Columbia University (NY) has posted SSNs on line for16months
From: "TSG" <tglassey () earthlink net>
Date: Thu, 12 Jun 2008 09:59:32 -0700
Not that I am a lawyer (because I am not) but there is an easy answer... The way to deal with this is to use the Qui Tam statute and sue the university under the False Claims Act based on their filings with the Department of Health and Welfare and their filings with the State and Federal Department's of Education which fund much of the schools internal actions. The security issue is a derivative error for fraudulently claiming that they properly met all of the operating requiments for a school. And clearly they havent... They (the school) are required through those filings to obey any and all laws relevant to their operations, so it (this breach) is a simple CFAA negligence claim. Then all of the student body become a class and all that needs to be documented is the failing to ask for a summary judgment. See the Federal Laws, especially the Computer Fraud and Abuse Act and the Stored Communications Act have amazing latitude here. Todd Glassey (as a civilian). ----- Original Message ----- From: "Casey, Troy # Atlanta" <Troy.Casey () McKesson com> To: <dataloss () attrition org> Sent: Thursday, June 12, 2008 8:33 AM Subject: Re: [Dataloss] Columbia University (NY) has posted SSNs on line for16months
"we have no evidence of wrongdoing" Apparently Columbia University does not consider an employee posting its students' social security numbers on the Internet to constitute "wrongdoing." Pretty lax practices by the University, considering this same thing basically happened just 14 months before this incident! At least the victims are afforded a heaping helping of the useless credit monitoring service. The University spokespeople seem to acknowledge no culpability on the University's part. We need some new legislation in this area. Desperately. And that's saying a lot coming from a libertarian like myself! Troy D. Casey -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Henry Brown Sent: Thursday, June 12, 2008 9:32 AM To: dataloss () attrition org Subject: [Dataloss] Columbia University (NY) has posted SSNs on line for 16months From the NY Sun http://tinyurl.com/5fnfxq Columbia Students Outraged By Online Privacy Breach By ANNA PHILLIPS, Special to the Sun June 12, 2008 Angry Columbia University students are demanding an investigation after it was discovered yesterday that 5,000 of their Social Security numbers had been searchable online for the last 16 months. Students received an e-mail message on Tuesday night from the vice president of student auxiliary and business services, Scott Wright, explaining that in February 2007, a student employee had posted a database of students' housing information, including this reporter's, on a Google-hosted Web site. "No financial data was included in the file in question, and we have no evidence of wrongdoing or identity theft," Mr. Wright said in the e-mail message. "We are very sorry for this occurrence." Columbia would not identify the student, saying only that the person had worked in the university's housing office. Administrators said they learned about the security breach June 3 when an alumna contacted the housing office. Google removed the Web site upon request. As a result of the security breach, Columbia is offering students a free two-year subscription to a credit monitoring service. Yesterday, students informed the school that the information of about 200 students was still searchable. A Columbia spokesman, Robert Hornsby, said Google had removed the file as of yesterday evening. Several students yesterday created an online petition and posted it to the main campus Web log, demanding that the university investigate the former employee and issue a report explaining how security will be increased. A similar leak occurred in April 2007, when the university noticed that three databases containing students' addresses and Social Security numbers were online. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Columbia University (NY) has posted SSNs on line for 16 months Henry Brown (Jun 12)
- Re: Columbia University (NY) has posted SSNs on line for 16months Casey, Troy # Atlanta (Jun 12)
- Re: Columbia University (NY) has posted SSNs on line for16months TSG (Jun 12)
- Re: Columbia University (NY) has posted SSNs on line for 16months Casey, Troy # Atlanta (Jun 12)