CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 29th, 2008

Website breach in Sonoma State University exposes students Social Security numbers

A breach in Sonoma State University exposed about 600 former computer science students who have had their Social Security numbers on an internal department Web server. Though acknowledging the risk of identification theft, university officials said they were not aware of any criminal or inappropriate activity linked to the slip-up, which was discovered Sept. 2.

A former student accessed the roster of names and Social Security numbers through a networking site opened about six months earlier for people previously enrolled in computer science classes, SSU spokeswoman Susan Kashak said.

The Web site was closed to anyone but certain students, and the roster, though stored on the department server, was not directly linked to the site, university officials said.

The student apparently found the data using a Web crawler to search for odds and ends, they said. “Somehow that data inadvertently got accessible from the Web page,” officials said. “There were no links to it so you would ‘Click here to a list of alums’ or anything like that.“

There were no indications anyone else saw the list or accessed the data for ulterior purposes. It was expunged as soon as the student who found it brought to officials’ attention.

The file contained only names and Social Security numbers, so no other personal, confidential information was compromised, officials said. Affected students have nonetheless been advised to check their credit reports to make sure their information is not being used.

The security breach pales compared with a 2005 episode in which hackers gained access to seven campus workstations, exposing the names and Social Security numbers of 61,709 people who had applied to, attended or graduated from SSU from 1995 to 2002, the university said. Faculty data from 1999 to 2005 also was compromised in the hacking incident, though it did not appear any of the personal information was accessed or abused.

The Social Security numbers at issue this fall were improperly stored on a department server outside the management of SSU’s central information technology system and kept against university policy. Current rules prevent anyone on campus from having computer files with Social Security numbers absent specific permission. They used to be used to identify students before student identification numbers came into use, however.

A recent assessment of SSU’s information systems called for improved oversight of the independently managed computers and servers such as that containing the compromised data.

Share this item with others:

More on CyberInsecure:
  • Southern Connecticut State University Warns Of Data Breach After Web Defacement
  • SSNs Found On Texas A&M Corpus Christi Website, Student Data Exposed
  • Massive Data Breach In Eastern Washington University, 130,000 Student Records Exposed
  • Columbia University Students Private Details Available On Google-Hosted Website For 16 Months
  • Personal Details Of More Than 11,000 Former And Current University Of Florida Students Found On School Website

    • Posted in Breaches And Incidents, Data Theft, Privacy | Print This Post Print This Post

    This entry was posted on Monday, September 29th, 2008 at 4:52 pm and is filed under Breaches And Incidents, Data Theft, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Website breach in Sonoma State University exposes students Social Security numbers

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »