U of Akron loses 1,200 SSNs, "extremely low risk"
Date Reported:
10/24/07
Organization:
University of Akron
Contractor/Consultant/Branch:
"an outside vendor"
Victims:
Alumni and graduates from the University of Akron attending the school in the fall of 1974.
Number Affected:
1,200
Types of Data:
Name, previous address, phone number, birth date, and Social Security number.
Breach Description:
A microfilm containing sensitive personal information about students attending the University of Akron in the fall of 1974 has gone missing from an unnamed third-party vendor. The third-party vendor was in the process of digitizing the reels of microfilm.
Reference URL:
Beacon Journal Story
WKYC-TV Online Story
Report Credit:
WKYC-TV
Response:
From the online articles cited above:
"The University of Akron has notified approximately 1200 alumni from the fall semester graduating class of 1974 that a reel of microfilm containing personal information has been lost."
"The University says the microfilm contained the names, dates of birth, Social Security numbers and other information from the former students."
"The reel had been one of many being digitized by an outside party as part of an effort to preserve university data."
"Both the University of Akron and the vendor say an exhaustive search failed to turn up the missing reel. As a result, the university notified potentially affected alumni"
"'Even though we believe this incident puts the affected graduates at extremely low risk of identity theft, we felt it was essential to notify them of this situation,' says Dr. Charles J. Fey, UA's vice president for student affairs."
[Comfyllama] Extremely low risk? I disagree. Maybe if the microfilm contained maiden names, and answers to secret questions there would be more of a risk. As long as organizations use Social Security numbers for identification purposes, then the compromise of such information poses a significant risk of identity theft. If the school thinks there is an extremely low risk, then why bother notifying any of the victims? Dr. Fey should take some time to read the news.
"'We also are offering any of the affected alumni a year of fraud protection service at no cost.' Fey's comments were part of a news release issued by the university."
[Comfyllama] After a year, people will forget all about this and get on with their lives.
Commentary:
I am disappointed and disturbed by Dr. Fey's comments. Why is it important for the University of Akron to keep Social Security numbers of students that attended the school over 30 years ago? I think the University of Akron would be better off spending time on data security instead of data preservation.
Past Breaches:
Unknown
