Identity Details on 111 Purdue Students Exposed on Internet Server
Technorati Tag: Security Breach
Date Reported:
9/10/07
Organization:
Purdue University
Contractor/Consultant:
None
Victims:
Students enrolled in the Animal Sciences 102 class during the fall 2004 semester.
Number Affected:
111
Types of Data:
Name and Social Security number
Breach Description:
During an internal search on Purdue's networks a file containing sensitive information was discovered on computer used on the Internet. The page containing the file was "no longer in use", but still connected to the Internet.
Reference URL:
http://news.uns.purdue.edu/coa0709.html
Report Credit:
Purdue University
Response:
From the Purdue Web site:
"A potential problem involving identity theft may affect 111 individuals who were Purdue University students in the fall of 2004."
"The page has been removed, and letters are in the mail to those potentially affected."
"We do not know that anyone has used this information for illegal purposes, but that possibility exists."
"If you do not receive a notice but would like to be sure your information was not involved, please call toll-free to ."
"Purdue has discontinued the use of Social Security numbers, except where required by law."
[Comfyllama] Horray for Purdue! This is an excellent standard practice. Social Security numbers were never meant to be used as identification when FDR & Co. introduced them in 1935, at least not how they are now.
"Purdue also has a large-scale program to improve its security under way called SecurePurdue."
"Purdue is centralizing records that must contain Social Security numbers as well as conforming to a high level of computer authentication, authorization and encryption for access to these records."
Commentary:
This is an oops, but fairly common in many IT shops whether they admit it or not. Purdue has taken great strides in their protection of data, especially personally identifiable data (PII) such as Social Security numbers. Although the chances that someone accessed the file in this breach may be slim, Purdue did the right thing and they deserve some credit for that. I am confident in Purdue's information security program understanding that security is a never-ending evolution.
Past Breaches:
None Recent
Date Reported:
9/10/07
Organization:
Purdue University
Contractor/Consultant:
None
Victims:
Students enrolled in the Animal Sciences 102 class during the fall 2004 semester.
Number Affected:
111
Types of Data:
Name and Social Security number
Breach Description:
During an internal search on Purdue's networks a file containing sensitive information was discovered on computer used on the Internet. The page containing the file was "no longer in use", but still connected to the Internet.
Reference URL:
http://news.uns.purdue.edu/coa0709.html
Report Credit:
Purdue University
Response:
From the Purdue Web site:
"A potential problem involving identity theft may affect 111 individuals who were Purdue University students in the fall of 2004."
"The page has been removed, and letters are in the mail to those potentially affected."
"We do not know that anyone has used this information for illegal purposes, but that possibility exists."
"If you do not receive a notice but would like to be sure your information was not involved, please call toll-free to ."
"Purdue has discontinued the use of Social Security numbers, except where required by law."
[Comfyllama] Horray for Purdue! This is an excellent standard practice. Social Security numbers were never meant to be used as identification when FDR & Co. introduced them in 1935, at least not how they are now.
"Purdue also has a large-scale program to improve its security under way called SecurePurdue."
"Purdue is centralizing records that must contain Social Security numbers as well as conforming to a high level of computer authentication, authorization and encryption for access to these records."
Commentary:
This is an oops, but fairly common in many IT shops whether they admit it or not. Purdue has taken great strides in their protection of data, especially personally identifiable data (PII) such as Social Security numbers. Although the chances that someone accessed the file in this breach may be slim, Purdue did the right thing and they deserve some credit for that. I am confident in Purdue's information security program understanding that security is a never-ending evolution.
Past Breaches:
None Recent
Posts Atom 1.0
Comments