RE: Web security breach changes the lives of 119 people

["Kim Dyer" <dyer () msu edu>]

> Chances are that nobody at Harvard Business School or ApplyYourself Inc. 
> bothered to contemplate the most obvious scenario: that somebody other 
> than the 119 accused, or their friends and family, was responsible for 
> the majority of (or all of) the attempts to access application records.

Actually, every report I've heard on this incident says that they 
Specifically DID consider that.

> What information of a personal nature would have been required in order 
> to access the pending application? 

Passwords and or PINs from what I've been reading.

> Perhaps it 
> was possible to browse any one of the pending applications once one had 
> penetrated the ApplyYourself Inc. security perimeter.

The reports I've seen said that you could only see the one application if
you saw anything.  I guess the majority just got a blank screen.

> This is more likely than is the scenario as it has been depicted.

You don't think it likely people would want to sneak a peek if they thought
they could?  That's pretty much just human nature.