Student reporter who discovered university security breach punished but not expelled

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.splc.org/newsflash.asp?id=1621

By Moriah Balingit
SPLC staff writer
October 5, 2007

OREGON -- When Western Oregon University student journalist Blair Loving 
opened up a mysteriously placed file on the university's public server 
last June, he thought he would find information about the College of 
Education. Instead, he uncovered a file containing the names, Social 
Security numbers, grade point averages and other sensitive information of 
former students.

Loving's decision to download the file so that the campus newspaper, the 
Western Oregon Journal, could report on the security breach nearly ended 
his tenure as a student and led to the dismissal of the paper's adviser, 
Susan Wickstrom, for allegedly mishandling a copy of the file and for 
failing to advise the students about the university's computer policies.

Loving learned at a disciplinary hearing Sept. 28 that he would not be 
expelled, but the infraction will remain on his record. Wickstrom was 
informed in August that her contract would not be renewed.

"I worked there for seven years ...and I really feel like I had an 
excellent relationship with the students," Wickstrom said. "So I was 
really shocked and stunned to not have my contract renewed."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml