University of South Carolina Mistake Leads to Breach of 3,199 Records
Technorati Tag: Security Breach
Date Reported:
9/7/07
Organization:
University of South Carolina
Contractor/Consultant:
None
Victims:
University of South Carolina Biological Sciences Department students
Number Affected:
3,199
Types of Data:
Name, Social Security number, assignment scores, test scores, course grades and indications of academic misconduct.
Breach Description:
An Excel file containing sensitive information was mistakenly posted to a publicly accessible directory on the University of South Carolina Biological Sciences Department internet web site.
Reference URL:
The Daily Gamecock
http://www.myrtlebeachonline.com/575/story/179933.html
Report Credit:
Aaron Titus of the Web site SSNBreach.org
Response:
From the online articles depicted above:
"Social Security numbers, test scores and course grades for nearly 3,200 students were available online and turned up in a Yahoo search, said Aaron Titus of the Web site SSNBreach.org"
"Eighteen files that appeared to have full names, social security numbers, assignment scores, test scores, course grades and indications of academic misconduct of up to 3,199 students were found online, Titus said"
"cached versions of the information are still available online and major search engines had indexed the information, Titus said"
[Comfyllama] See below
"USC President Andrew Sorensen was unavailable for comment"
"According to the Family Educational Rights and Privacy Act of 1974, commonly known as FERPA, student education records may not be disclosed to anyone unless the student has given written consent"
Commentary:
Less than a couple of weeks ago we posted a University of Illinois breach that affected over 5,000 College of Engineering students when a staff member inadvertently attached a spreadsheet containing sensitive information in an email distribution list.
This is still early, so "official" responses from the University of South Carolina are still pending.
At the time of this writing, the site directories are still available online but files have been sanitized:
A cached Yahoo! search shows the directories as they were when discovered (notice the larger file sizes):
Past Breaches:
None
Date Reported:
9/7/07
Organization:
University of South Carolina
Contractor/Consultant:
None
Victims:
University of South Carolina Biological Sciences Department students
Number Affected:
3,199
Types of Data:
Name, Social Security number, assignment scores, test scores, course grades and indications of academic misconduct.
Breach Description:
An Excel file containing sensitive information was mistakenly posted to a publicly accessible directory on the University of South Carolina Biological Sciences Department internet web site.
Reference URL:
The Daily Gamecock
http://www.myrtlebeachonline.com/575/story/179933.html
Report Credit:
Aaron Titus of the Web site SSNBreach.org
Response:
From the online articles depicted above:
"Social Security numbers, test scores and course grades for nearly 3,200 students were available online and turned up in a Yahoo search, said Aaron Titus of the Web site SSNBreach.org"
"Eighteen files that appeared to have full names, social security numbers, assignment scores, test scores, course grades and indications of academic misconduct of up to 3,199 students were found online, Titus said"
"cached versions of the information are still available online and major search engines had indexed the information, Titus said"
[Comfyllama] See below
"USC President Andrew Sorensen was unavailable for comment"
"According to the Family Educational Rights and Privacy Act of 1974, commonly known as FERPA, student education records may not be disclosed to anyone unless the student has given written consent"
Commentary:
Less than a couple of weeks ago we posted a University of Illinois breach that affected over 5,000 College of Engineering students when a staff member inadvertently attached a spreadsheet containing sensitive information in an email distribution list.
This is still early, so "official" responses from the University of South Carolina are still pending.
At the time of this writing, the site directories are still available online but files have been sanitized:
A cached Yahoo! search shows the directories as they were when discovered (notice the larger file sizes):
Past Breaches:
None
Posted by Evan Francen at 9/6/2007 9:27 PM 
Categories: University of South Carolina, Employee Mistake
Categories: University of South Carolina, Employee Mistake
Posts Atom 1.0
Comments