BreachExchange mailing list archives
NY: Binghamton University Jeopardizes the Private Information of Over a Hundred Thousand Individuals
From: lyger <lyger () attrition org>
Date: Wed, 11 Mar 2009 17:10:34 +0000 (UTC)
(note that the article's author apparently includes a photo of his own Fall 2006 semester bill below the story. nice.) http://news.whrwfm.org/?q=node/204 Binghamton University has once again dropped the ball on securing the private information of students and parents. In a titanic breach of security, Binghamton University kept payment information for every student, possibly dating back at least ten years in a storage area next to one of the most trafficked lecture halls on campus, behind a door that was not only unlocked but taped open. The information itself contained social security numbers, credit card numbers, scans of tax forms, business information (including social security numbers and salary information for employees of students' parents), asylum records and more, all kept in a haphazard and disorganized fashion, sprawled out in boxes, in unlocked (yet lockable) filing cabinets and shelving units. And, to seemingly add insult to injury, the university left dollies and a shopping cart in the room, apparently to aid in any attempted theft. (Pictures of the room are beneath the story.) Over the recent years Binghamton University has acquired a reputation for being less than able to defend its students', and former students', personal information, especially when it comes to Social Security numbers. Over the past year alone the university has, inadvertently, e-mailed the social security numbers of 338 students in its school of management to over 200 students, has sent personal information of exchange students (including scans of passports and birth certificates) to student groups, and has, most recently, unceremoniously dumped the information of over 70 former graduate students into dumpsters on top of piles of shredded documents. In response to these egregious breaches the university administration created an Information Security Council, with a dedicated full time .information security officer. chairing the council, to make sure no new breaches would ever take place. This breach, however, is by far the worst to ever take place on Binghamton University's campus, and possibly any campus in recent history. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- NY: Binghamton University Jeopardizes the Private Information of Over a Hundred Thousand Individuals lyger (Mar 11)