NY: Binghamton University Jeopardizes the Private Information of Over a Hundred Thousand Individuals

[lyger <lyger () attrition org>]

(note that the article's author apparently includes a photo of his own 
Fall 2006 semester bill below the story.  nice.)

http://news.whrwfm.org/?q=node/204

Binghamton University has once again dropped the ball on securing the 
private information of students and parents. In a titanic breach of 
security, Binghamton University kept payment information for every 
student, possibly dating back at least ten years in a storage area next to 
one of the most trafficked lecture halls on campus, behind a door that was 
not only unlocked but taped open. The information itself contained social 
security numbers, credit card numbers, scans of tax forms, business 
information (including social security numbers and salary information for 
employees of students' parents), asylum records and more, all kept in a 
haphazard and disorganized fashion, sprawled out in boxes, in unlocked 
(yet lockable) filing cabinets and shelving units. And, to seemingly add 
insult to injury, the university left dollies and a shopping cart in the 
room, apparently to aid in any attempted theft. (Pictures of the room are 
beneath the story.)

Over the recent years Binghamton University has acquired a reputation for 
being less than able to defend its students', and former students', 
personal information, especially when it comes to Social Security numbers. 
Over the past year alone the university has, inadvertently, e-mailed the 
social security numbers of 338 students in its school of management to 
over 200 students, has sent personal information of exchange students 
(including scans of passports and birth certificates) to student groups, 
and has, most recently, unceremoniously dumped the information of over 70 
former graduate students into dumpsters on top of piles of shredded 
documents. In response to these egregious breaches the university 
administration created an Information Security Council, with a dedicated 
full time .information security officer. chairing the council, to make 
sure no new breaches would ever take place. This breach, however, is by 
far the worst to ever take place on Binghamton University's campus, and 
possibly any campus in recent history.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss