BreachExchange mailing list archives
Security Breach Unsettling for Thousands of MSU Students
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 4 Mar 2011 23:45:20 -0500
http://ozarksfirst.com/fulltext?nxd_id=415606 (Springfield, MO) - More than 6,000 Missouri State University students have had their social security numbers compromised. School officials said Thursday that the university learned of an internal security breach on February 22. The breach affects 6,030 College of Education students, who were notified of the incident. According to MSU, in October and November of last year, the College of Education prepared nine lists of students, which included social security numbers. Those lists were meant to be posted on a secure server for personnel preparing the students' accreditation. It wasn't meant to be seen by anyone outside the school and people involved in that process. However, the school says the lists were accessible to the general public and ended up on Google. The exposed documents include information about students from nine semesters between 2005 and 2009. The university says since it discovered the breach, it has worked with Google to pull the lists so there are minimal "hits." Investigators don't think the people looking at the data were trying to get those social security numbers -- based on what they accessed. Google stores information, so the school had to work all the way until last weekend to get rid of those copies. The university says those pages had less than a couple dozen hits. It says out of all the students, it's still searching for contact information for only 6 of them. Calls have been pouring in to the school. "Out of 6,030 we are down to six that we have not been able to contact with an address a phone number of e-mail," says spokesman Jeff Morrissey. "Twenty-three hits and another thing that's important about that is out of the files that were hit, everyone of these hits were from residential type areas that we could determine." The students KOLR/KSFX talked to were shocked that the university they trusted so much with their personal information could accidentally leak it to the web. "That's a lot of trust in the university to have all of my information, keep it secure," says junior Courtney Beets. She planned to see what she could find out from her college counselor Thursday. "Well I thought I trusted them a lot, but now I'm not so sure," says Allison Hiegel, who's majoring in elementary education. "It worries me, especially because I haven't gotten an email yet saying anything about it That's a little scary to me." The university says it's offering to pay for a year of consumer identify theft protection insurance for all involved. At a negotiated rate of $7 per person, the total cost will be about $42,210. "That does make me feel a little bit safer," says Hiegl. Missouri's Attorney General was also notified, and the school has put into place a disciplinary action against the employee who posted the lists to the unsecured server. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Security Breach Unsettling for Thousands of MSU Students Jake Kouns (Mar 05)