FIU notifies students and faculty of insecure database containing personal information
Date Reported:

6/22/10
Organization:
Florida International University ("FIU")
Contractor/Consultant/Branch:
College of Education
Location:
Victims:
Students and faculty members
Number Affected:
"19,407 students and 88 faculty members"
Types of Data:
"personal data (such) as GPAs, test scores, and Social Security numbers"
Breach Description:
"College of Education students and faculty members whose names were found in an unsecure database last month are being notified this week that some of their information may have been accessible to the public."
Reference URL:
Florida International University Announcement
Infosecurity-us.com
Report Credit:
Florida International University
Response:
From the online sources cited above:
College of Education students and faculty members whose names were found in an unsecure database last month are being notified this week that some of their information may have been accessible to the public.
This database was used in connection with the College of Education students’ E-Folio software application, which captured students’ mastery of State of Florida and national teacher education standards through the tracking of grades, test scores, completed assignments and other data elements.
[Evan] Why collect and store Social Security numbers?
The database contained information such as GPAs, test scores and social security numbers, on more than 19,000 students and the social security numbers of 88 faculty members.
This information is now secure.
[Evan] A relative term.
Although there is no indication that an unauthorized person actually has retrieved and is using personal information, the university is notifying those affected, as required by law, and alerting them of preventive measures that can be taken to protect themselves from possible misuse of personal information.
The possible breach was uncovered in early May 2010 after the IT Security Office conducted a review of an unrelated hacking incident against the FIU College of Education website.
[Evan] I know that budget is always a concern, but externally facing websites should be scanned and/or tested for information security vulnerabilities and exposures on a regular/periodic basis. In this incident, the IT Security Office stumbled across this breach, largely by accident.
Commentary:
It's good that FIU found this breach and appears to have responded to it appropriately, but the way they found it is not optimal, to say the least. As for any preventative measures in place, your guess is as good as mine.
Past Breaches:
Unknown