Florida university notifies students and faculty of possible data exposure

[Rebecca Chickering <rchickering () gmail com>]

http://news.fiu.edu/2010/06/university-to-notify-students-and-faculty-regarding-unsecure-database/

Florida International University is in the process of sending
notification letters to 19 407 students and 88 faculty members after
the university’s IT Security Office discovered personal data may have
been exposed over the internet via a database’s external search
function.

The possible breach was uncovered in early May 2010 after the IT
Security Office conducted a review of an unrelated hacking incident
against the FIU College of Education website. According to the
notification letter obtained by Infosecurity, the office found the
“existence of a database containing sensitive information that did not
reside in a secure computing environment”.

An announcement posted on the FIU website lists the personal data as
GPAs, test scores, and Social Security numbers that were stored on the
College of Education’s E-Folio software app. This database kept track
of student data related to state mastery standards, grade tracking,
assignments, and Social Security numbers for both students and
faculty.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php