SWCC student information exposed on the Internet
Technorati Tag: Security Breach
Date Reported:
10/10/08
Organization:
Southwest Mississippi Community College
Contractor/Consultant/Branch:
None
Location:
Summit, Mississippi
Victims:
Students
Number Affected:
"More than 1,000"
Types of Data:
"names, addresses, and in some cases, Social Security numbers"
Breach Description:
"SUMMIT, Miss. (AP) - Officials say at least 1,000 former Southwest Mississippi Community College students got a bit of a scare when it was determined some of their personal information was made available temporarily on the Internet."
Reference URL:
The Clarion-Ledger
WLBT Channel 3 News
WXVT Channel 15 News
Report Credit:
Elizabeth Crisp, Clarion-Ledger
Response:
From the online sources cited above:
More than 1,000 former Southwest Mississippi Community College students’ personal identities have been compromised because of a security breach at the Summit-based school, according to the state Attorney General’s office.
Steve Bishop, vice president of student affairs, said he became aware of the unintentional breach on Wednesday night and that the college had removed the personal content from its Internet server by 9 a.m. Thursday morning.
[Evan] How did the personal information get on the server in the first place? According to the news reports, the information was available via the internet too. Should we assume that this was an employee mistake? Oh boy.
Officials say the security breach involved names, addresses, and in some cases, Social Security numbers.
There have been no reports of students having their identities stolen as a result of the breach, according to a news release from the AG’s office.
College officials told the AG’s Consumer Protection Division that personal information was made available on the Internet.
"Our investigators have had discussion with college officials, who are fixing the problem," said Attorney General Jim Hood
[Evan] Hopefully "the" problem has been fixed by removing the personal information. Of course, there are probably bigger people and process related problems too.
"They assure us that they will be contacting students who are affected to assist them with credit monitoring."
Commentary:
There's not much information to report other than the fact that personal information was inadvertently posted to a server accessible from the internet. Who knows how the information got there or what the school plans to do in prevention of future breaches?
My guess is that this breach came about as a result of an employee mistake.
Past Breaches:
Unknown
Date Reported:10/10/08
Organization:
Southwest Mississippi Community College
Contractor/Consultant/Branch:
None
Location:
Summit, Mississippi
Victims:
Students
Number Affected:
"More than 1,000"
Types of Data:
"names, addresses, and in some cases, Social Security numbers"
Breach Description:
"SUMMIT, Miss. (AP) - Officials say at least 1,000 former Southwest Mississippi Community College students got a bit of a scare when it was determined some of their personal information was made available temporarily on the Internet."
Reference URL:
The Clarion-Ledger
WLBT Channel 3 News
WXVT Channel 15 News
Report Credit:
Elizabeth Crisp, Clarion-Ledger
Response:
From the online sources cited above:
More than 1,000 former Southwest Mississippi Community College students’ personal identities have been compromised because of a security breach at the Summit-based school, according to the state Attorney General’s office.
Steve Bishop, vice president of student affairs, said he became aware of the unintentional breach on Wednesday night and that the college had removed the personal content from its Internet server by 9 a.m. Thursday morning.
[Evan] How did the personal information get on the server in the first place? According to the news reports, the information was available via the internet too. Should we assume that this was an employee mistake? Oh boy.
Officials say the security breach involved names, addresses, and in some cases, Social Security numbers.
There have been no reports of students having their identities stolen as a result of the breach, according to a news release from the AG’s office.
College officials told the AG’s Consumer Protection Division that personal information was made available on the Internet.
"Our investigators have had discussion with college officials, who are fixing the problem," said Attorney General Jim Hood
[Evan] Hopefully "the" problem has been fixed by removing the personal information. Of course, there are probably bigger people and process related problems too.
"They assure us that they will be contacting students who are affected to assist them with credit monitoring."
Commentary:
There's not much information to report other than the fact that personal information was inadvertently posted to a server accessible from the internet. Who knows how the information got there or what the school plans to do in prevention of future breaches?
My guess is that this breach came about as a result of an employee mistake.
Past Breaches:
Unknown
Posted by Evan Francen at 10/15/2008 1:16 PM 
Categories: Employee Mistake, Southwest Mississippi Community College
Categories: Employee Mistake, Southwest Mississippi Community College
Posts Atom 1.0
The number of victims in this breach has been raised to at least 7,000.
Reply to this
Thank you Rob!
I will update the posting.
Evan
Reply to this
The number is not "at least 7000". It is just below 7000. It was reported by SMCC as "approximately 7000". I think the error in going to "more than 7000" started with the local press, and has been picked up by AP and everyone else. These people have reacted extremely quickly, doing all that they can to fix the problem in less than a week from date of awareness. Here is the site: http://www.smcc.edu/info/index.htm
Reply to this