BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Update: Harvard student database hacked, posted on BitTorrent

From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 13 Mar 2008 15:11:39 -0400
I'm up at SourceBoston right now with limited access - what are the
FERPA repercussions for this breach?

On Thu, Mar 13, 2008 at 2:58 PM, lyger <lyger () attrition org> wrote:


 http://www.news.com/8301-10789_3-9893174-57.html?part=rss&subj=news&tag=2547-1_3-0-5

 Harvard says about 10,000 of last year's applicants may have had their
 personal information compromised. At least 6,600 Social Security numbers
 were exposed. Worse, a compressed 125 M-byte file containing the stolen
 student data is currently available via BitTorrent, a peer-to-peer
 network.

 [.]

 A BitTorrent file containing the stolen data includes a note that reads in
 part "maybe you don't like it but this is to demonstrate that persons like
 tgatton(admin of the server) in they don't know how to secure a website."
 The BitTorrent file consists of a server backup of the GSAS site with a
 full directory structure and three databases: joomla.slq, the main
 database; contacts.sql which is a database of contacts; and hgs.sql, a
 miscellaneous file.

 [...]
 _______________________________________________
 Dataloss Mailing List (dataloss () attrition org)
 http://attrition.org/dataloss

 Tenable Network Security offers data leakage and compliance monitoring
 solutions for large and small networks. Scan your network and monitor your
 traffic to find the data needing protection before it leaks out!
 http://www.tenablesecurity.com/products/compliance.shtml





-- 
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org Son.
http://www.ianetsec.com Work.
http://www.bostonredcross.org Volunteer.
http://www.carolingia.eastkingdom.org Service.
http://bkdelong.livejournal.com Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
Previous By Date Next
Previous By Thread Next

Current thread: