Data for 43, 000 at Yale winds up in Google search results

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2011/08/24/yale_ftp_server/

Data for 43,000 at Yale winds up in Google search results
SNAFU discovered after FTP added to index
By Dan Goodin in San Francisco
Posted in ID, 24th August 2011 05:38 GMT

Yale University has warned 43,000 people that their names and Social 
Security numbers were publicly accessible for 10 months to anyone with an 
internet connection.

According to The Yale Daily News, the sensitive information was stored on 
an FTP server that was primarily used to store open-source materials. The 
mistake came to light only after Google introduced a change to its search 
index that included the contents of FTP servers.

Members of Yale's Information Technology Services didn't learn of the 
change until June 30.

There's no way of knowing how many people may have accessed the data, so 
Yale is offering those whose information was exposed free credit 
monitoring and identity theft insurance. Those affected were affiliated 
with the university in 1999.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/