Buena Vista University announces breach affecting 93,000 people

Date Reported:
7/16/10

Organization:
Buena Vista University

Contractor/Consultant/Branch:
None

Location:


Victims:
"BVU students (applicants, former and current), parents, faculty/staff (current and former), alumni and some donors"

Number Affected:
"about 93,000"

Types of Data:
"names, Social Security numbers and some driver’s license numbers"

Breach Description:
"Buena Vista University has had a data breach on campus. We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database."

Reference URL:
Buena Vista University Data Breach Information
Chicago Tribune
PR Newswire

Report Credit:
Buena Vista University

Response:
From the online sources cited above:

Buena Vista University has had a data breach on campus.

University officials say it could affect about 93,000 people.

We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database.
[Evan] Engaging a "nationally-recognized computer forensics team" sounds pretty impressive.  It would be nice if BVU would explain how someone gained unauthorized access.

The information that this person could have accessed includes names, Social Security numbers and some driver’s license numbers of BVU students (applicants, former and current), parents, faculty/staff (current and former), alumni and some donor records.
[Evan] Notice the words "this person"?

These records date back to 1987.
[Evan] Sheesh.  That's ~23 years of accumulated data!  I can understand the potential need to keep this information archived, but why did/does the university need to keep it online?  Supposing they did.

Although we have no evidence that any personal information has been misused or disclosed to other persons, we have notified via letter all university stakeholders whose personal information may have been accessed.

The letters contain information on how to access a one-year subscription to Experian’s Triple Alert, a credit monitoring service BVU is providing free of charge.
[Evan] Do you think Experian likes breaches of personal information?  Isn't Experian one of the organizations that is responsible for keeping credit histories?  The same credit histories that they are charging people to protect?  I don't know, but if Experian is going to keep records, shouldn't it be their responsibility to ensure that they are accurate?  It would be nice if we all had this power; to keep records and then charge somebody else to make sure that they are accurate.  I won't even start mentioning how much of your information they sell to marketers.  Seems like a racket.

The service provides timely alerts of any key changes to credit reports as well as fraud resolution assistance, if needed.

To determine if you will be among those notified, you may call the university at 8 a.m. to 5 p.m. CT, Monday-Friday.

We regularly review our security measures and processes and remain committed to maintaining the privacy and security of all confidential data.

We are currently working with a nationally-recognized outside expert to mitigate any risk of potential harm and are taking the steps necessary to prevent any future unauthorized access to BVU’s information systems.
[Evan] Wow, that's a lot of "nationally-recognized" expertise.  Just tell me how in the world you can take "the steps necessary to prevent any future unauthorized access to BVU's information systems".  I hope that the nationally-recognized outside expert didn't help them write this news release; because it is impossible to prevent ANY future unauthorized access.  Words I know, what do they mean anyway?

The incident has now been referred to the U.S. Attorney for the District of Minnesota.

We deeply regret this incident and are committed to protecting the personal information of all our stakeholders.

Commentary:
Well it's hard to comment on the details of a breach when we don't know how the breach occurred.  All we know is that a "person" gained unauthorized access to personal information for which BVU was the custodian.  I could guess, but I don't feel like it ;)

Past Breaches:
Unknown

 
Comments
  • 7/16/2010 6:06 PM Charles R. Curbo wrote:
    Words mean whatever you want them to mean. Don't take my "word" for it, ask the Supreme Court. We passed 1984 many years ago. I believe I have read the US constitution at least 1000 times and I don't remember anything about abortions, third trimesters, or any other innumerable things the 9 dictators with black robes who occupy said Supreme Court keep finding in our constitution.