BreachExchange mailing list archives
Re: University of MD mails 24000 SSN on front of envelope
From: "David Scott" <david-scott () david-scott net>
Date: Wed, 23 Jul 2008 12:32:06 -0500
It's not a systemic or technical failure, particularly, and Kim essentially nails it ("...are people just that bad at mail merge?"). The challenge is people - no technical system, policy or plan can overcome laxity or ignorance (even deliberate intent to harm can be handled). Everyone needs to become a mini security officer, and all activity needs to happen through a security prism. How to get there? Awareness - through training and refreshers. Also, a dominant security culture must be maintained - an eCulture. You may find interest my interview at Boston's Business Forum, with editor and found Thomas Faulhaber: http://businessforum.com/DScott_02.html Regards and success, David Scott Author I.T. Wars: Managing the Business-Technology Weave in the New Millennium www.david-scott.net Google: I.T. Wars - I.T. Wars now supports MBA graduate level courses at the University of Wisconsin Prior to initiating any major systems implementation or business change, David Scott should be required reading for the whole team. - Thomas Faulhaber, Editor and Founder of The Business Forum (R), Boston -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Kim Z. Dale Sent: Wednesday, July 23, 2008 11:07 AM To: dataloss () attrition org Subject: Re: [Dataloss] University of MD mails 24000 SSN on front of envelope It seems odd to me how many incidents of SSNs printed as part of a mailing address occur. Are all these places using the same software, or are people just that bad at mail merge? It seems like an odd thing to happen across multiple organizations. -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Henry Brown Sent: Wednesday, July 23, 2008 9:42 AM To: dataloss () attrition org Subject: [Dataloss] University of MD mails 24000 SSN on front of envelope From The University of MD Independent Daily Newspaper http://tinyurl.com/6j6rhv Social security numbers of students registered for fall 2008 classes, totaling nearly 24,000, were inadvertently printed on mailing labels for a parking brochure, the Department of Transportation Services said in an e-mail to students today. "The University apologizes, and deeply regrets this unfortunate mistake. We are taking aggressive steps to ensure that this does not happen again. We strongly recommend that you take appropriate precautions to mask, black out, or destroy this document after use," said the e-mail, signed by DOTS Director David Allen. The mailings were sent July 1, but the mistake was not discovered until July 8, when students began calling DOTS to complain, according to a website set up by DOTS specifically for this incident. The website can be found at http://www.transportation.umd.edu/parkingmailer/. The university is not aware of anyone's social security number being misused, added DOTS in the e-mail. The university will offer free Equifax reports to affected students, at a cost to the university of about $23 a person, said Vice President for Student Affairs Linda Clement. With Equifax, the students can monitor their credit or place a fraud alert on their account. Clement explained that when a DOTS employee collected names and addresses for the brochure, social security numbers and e-mail addresses would have appeared in the search, but were supposed to be removed from the labels. DOTS saw the e-mail addresses on the labels but didn't identify the social security numbers because they were not separated by the typical two dashes, she said. The incident is under investigation and the person involved has not been fired, Clement added. The delay in notifying students was due to the legal office negotiating a deal with Equifax. "We sincerely regret it," Clement said. "This is just an awful situation; we're trying to do everything we can to mitigate it." A letter explaining the situation and offering remedies will be sent to students Friday or Saturday, said Ann Wylie, the university president's chief of staff. "We were horribly upset that this happened," she said. "It was a human error." _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- University of MD mails 24000 SSN on front of envelope Henry Brown (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope Kim Z. Dale (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope Max Hozven (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope Michael Hill, CITRMS (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope Arshad Noor (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope Kyle Davis (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope David Scott (Jul 23)
- Re: University of MD mails 24000 SSN on front of envelope Kim Z. Dale (Jul 23)