Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Universities riskiest place for SSN

From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Mon, 8 Nov 2010 17:16:50 -0500
Some medical insurance policies/providers require it.


----- Original Message -----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Mon Nov 08 16:22:23 2010
Subject: Re: [SECURITY] Universities riskiest place for SSN

I think the SSN is required to apply for financial aid.  Other than that, we don't require it, but most students 
provide it.

Steven Alexander Jr.
Online Education Systems Manager
Merced College


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan 
Peterson
Sent: Monday, November 08, 2010 1:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Universities riskiest place for SSN

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I agree that High-Ed does report things that private industry does not;
however, why does Higher-Ed need the student SSN in the first place

All the school I have ever been at when you complain you can get a student
ID.

- --
Dan

- -----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Lococo
Sent: Monday, November 08, 2010 12:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Universities riskiest place for SSN

On 11/08/2010 02:32 PM, Eric Case wrote:

The original post,
http://blogs.mcafee.com/consumer/identity-theft/top-ten-most-dangerous
-place s-to-leave-your-social-security-number, says, "Robert
Siciliano, on behalf of McAfee,  analyzed data breaches published by
the Identity Theft Resource Center, Privacy Rights Clearinghouse and
the Open Security Foundation that involved Social Security number
breaches from January 2009 - October 2010 to reveal the riskiest
places to lose your ID."

It is unclear if they ranked by number of records/breach or number of
breaches.


My read is that the number in parens at the end of each top-10 entry is a
breach-count (it's certainly not a record-count), which is used as the
ranking/sorting key.  Since the data is from a report covering 2009-2010,
it's fairly recent.

If one is looking for a methodology flaw that excuses Higher-Ed's number-one
spot on the list, it's probably the failure to account for our culture of
openness.  You don't see other industries announcing a breach and then
saying "there was no evidence of unauthorized access, but we're calling this
a breach and announcing it anyway", which is fairly common from higher-ed
institutions.  We might get dwarfed on record count as-well, but that you
can't see that data without buying the original report.

Cheers,
Mike Lococo


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: us-ascii

wj8DBQFM2GfF5chTNtilRz8RAn4wAJ9gymPQEqAIIVg01pDhBOhXqdy5zwCeLTDC
Hn1Gf7GfUsZ6SRGyz8+NSdM=
=vdAe
-----END PGP SIGNATURE-----

This email has been scanned by a Spam/Virus Firewall. If your email has been classifed as Spam please contact the 
HelpDesk at (209) 384-6180.
Previous By Date Next
Previous By Thread Next

Current thread: