Yale Security Breach Reveals Data About Students and Staff

[InfoSec News <alerts () infosecnews org>]

http://www.cnbc.com/id/44206510/Yale_Security_Breach_Reveals_Data_About_Students_and_Staff

By John Carney
Senior Editor, CNBC.com
19 Aug 2011

Yale University recently sent letters to alumni, faculty and staff 
informing them that the names and Social Security numbers of 43,000 
people affiliated with Yale have been available to Google search engine 
users for the past 10 months.

"A Yale computer file that contained your name and Social Security 
number was stored for 10 months in a way that left it accessible to 
Google Internet searches," the letter explained. "The computer file was 
created in 1999 and was inadvertently moved to an insecure section of a 
computer server in July 2005. At that point, the file was no longer 
fully protected but could not be located by an ordinary Internet search 
engine. The situation changed in September 2010, when Google modified 
its search engine in a way that allowed it to locate files stored on 
servers like the one holding this file."

The letter came from Yale's Information Technology Services Director Len 
Peters. It offers those whose information was made available two years 
of free identity theft insurance.

"We have no indication that your information has been misused," the 
letter read.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/