Yale Security Breach Reveals Data About Students and Staff

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.cnbc.com/id/44206510/Yale_Security_Breach_Reveals_Data_About_Students_and_Staff

By John Carney
Senior Editor, CNBC.com
19 Aug 2011

Yale University recently sent letters to alumni, faculty and staff 
informing them that the names and Social Security numbers of 43,000 people 
affiliated with Yale have been available to Google search engine users for 
the past 10 months.

"A Yale computer file that contained your name and Social Security number 
was stored for 10 months in a way that left it accessible to Google 
Internet searches," the letter explained. "The computer file was created 
in 1999 and was inadvertently moved to an insecure section of a computer 
server in July 2005. At that point, the file was no longer fully protected 
but could not be located by an ordinary Internet search engine. The 
situation changed in September 2010, when Google modified its search 
engine in a way that allowed it to locate files stored on servers like the 
one holding this file."

The letter came from Yale's Information Technology Services Director Len 
Peters. It offers those whose information was made available two years of 
free identity theft insurance.

"We have no indication that your information has been misused," the letter 
read.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/