Private Documents Found in Trash at University of Kansas Leaked
Technorati Tag: Security Breach
Date Reported:
9/19/07
Organization:
University of Kansas
Contractor/Consultant:
None
Victims:
University of Kansas students
Number Affected:
Unknown
Types of Data:
Immigration forms, copies of Social Security cards, final exams, transcript release forms and other sensitive information.
Breach Description:
Packages containing copies of the sensitive documents were sent anonymously to numerous media outlets anonymously. The documents were presumably recovered from the trash according to a letter accompanying the packages.
Reference URL:
Channel 49 News ABC
The Capital-Journal
Report Credit:
The Capital-Journal
Response:
From the online resources referenced above:
"The University of Kansas today launched an investigation into the unauthorized release of personal information and records to area media"
“We’ve been informed that personal documents and records were sent to the media, along with allegations of improper handling of private information,” said Lynn Bretz, director of University Communications.
"Clearly, this information was mishandled," said Lynn Bretz, Director Of University Communications at KU. "If someone can take personal records, make copies of them and send them to media in the area, something has gone wrong."
“The protection of private data is critical, which is why we’ve started an investigation into where these records came from and what changes need to be made to ensure a similar breach doesn’t occur again.”
[Comfyllama] This is a prudent statement from the University of Kansas.
"The unauthorized release reportedly came in the form of two separate manila envelopes covered with stamps mailed on Sept. 17 to area media outlets by anonymous parties claiming to be current or former university employees."
[Comfyllama] I'm curious if these are disgruntled current and former employees or just good faith whistle blowers. I obviously prefer the latter because the former can be very dangerous.
"the records all originated in the mathematics department and were taken from trash and recycling receptacles in university offices and from other locations on campus."
"The university is seeking the immediate return of these records so they can be properly safeguarded and so a full investigation can determine what steps need to be taken to ensure the protection of private data."
[Comfyllama] Too late.
Victim Statements:
"To know that they're being thrown out is kind of ridiculous," said Jawad Ahmad, senior at KU. "I understand it's a big university, but Social Security numbers are important to everyone."
"I think it's absolutely ridiculous and they should be held accountable," said Clint Andrews, a sophomore at KU.
"I pay them my money to come here. I live here, I eat their food, they teach me things, It's a relationship where you have to have a lot of trust." said Young Han Lester, one of the student's whose information was sent out.
"I think it's just a lesson that needed to be learned," said KU freshman Amanda Lang. "They should discard people's numbers, or students' ID numbers or Social Security numbers carefully."
Commentary:
This is an interesting story. This is the first time I can recall a package containing sensitive documents being sent to the media by current and former employees of a university. If we are to take the anonymous tipster at his/her word, then this is a serious lack of security awareness on the part of KU employees. A part of me wonders if this was the work of a disgruntled employee that stole the documents instead of finding them in the garbage. Maybe it's the conspiracy theorist in me.
Lesson; shred sensitive/confidential documents or use a certified vendor to do so.
Past Breaches:
Unknown
Date Reported:
9/19/07Organization:
University of Kansas
Contractor/Consultant:
None
Victims:
University of Kansas students
Number Affected:
Unknown
Types of Data:
Immigration forms, copies of Social Security cards, final exams, transcript release forms and other sensitive information.
Breach Description:
Packages containing copies of the sensitive documents were sent anonymously to numerous media outlets anonymously. The documents were presumably recovered from the trash according to a letter accompanying the packages.
Reference URL:
Channel 49 News ABC
The Capital-Journal
Report Credit:
The Capital-Journal
Response:
From the online resources referenced above:
"The University of Kansas today launched an investigation into the unauthorized release of personal information and records to area media"
“We’ve been informed that personal documents and records were sent to the media, along with allegations of improper handling of private information,” said Lynn Bretz, director of University Communications.
"Clearly, this information was mishandled," said Lynn Bretz, Director Of University Communications at KU. "If someone can take personal records, make copies of them and send them to media in the area, something has gone wrong."
“The protection of private data is critical, which is why we’ve started an investigation into where these records came from and what changes need to be made to ensure a similar breach doesn’t occur again.”
[Comfyllama] This is a prudent statement from the University of Kansas.
"The unauthorized release reportedly came in the form of two separate manila envelopes covered with stamps mailed on Sept. 17 to area media outlets by anonymous parties claiming to be current or former university employees."
[Comfyllama] I'm curious if these are disgruntled current and former employees or just good faith whistle blowers. I obviously prefer the latter because the former can be very dangerous.
"the records all originated in the mathematics department and were taken from trash and recycling receptacles in university offices and from other locations on campus."
"The university is seeking the immediate return of these records so they can be properly safeguarded and so a full investigation can determine what steps need to be taken to ensure the protection of private data."
[Comfyllama] Too late.
Victim Statements:
"To know that they're being thrown out is kind of ridiculous," said Jawad Ahmad, senior at KU. "I understand it's a big university, but Social Security numbers are important to everyone."
"I think it's absolutely ridiculous and they should be held accountable," said Clint Andrews, a sophomore at KU.
"I pay them my money to come here. I live here, I eat their food, they teach me things, It's a relationship where you have to have a lot of trust." said Young Han Lester, one of the student's whose information was sent out.
"I think it's just a lesson that needed to be learned," said KU freshman Amanda Lang. "They should discard people's numbers, or students' ID numbers or Social Security numbers carefully."
Commentary:
This is an interesting story. This is the first time I can recall a package containing sensitive documents being sent to the media by current and former employees of a university. If we are to take the anonymous tipster at his/her word, then this is a serious lack of security awareness on the part of KU employees. A part of me wonders if this was the work of a disgruntled employee that stole the documents instead of finding them in the garbage. Maybe it's the conspiracy theorist in me.
Lesson; shred sensitive/confidential documents or use a certified vendor to do so.
Past Breaches:
Unknown
Posts Atom 1.0
I think that when such things happen, the person/institution that lost the information should pay fat checks so they learn that such information is valuable and must not be lost under any circumstance.
Reply to this