Notre Dame employees' data exposed online for three years
Personal information on 24,000 staff posted on the Web from August 2006 to October 2009
Computerworld - In an embarrassing security gaffe, personal data on more than 24,000 past and present employees at the University of Notre Dame was made publicly available on the Web for more than three years.
The breach resulted when an employee inadvertently posted files containing the names, Social Security numbers and zip codes of the employees on a publicly accessible university Web site.
Files containing the data are believed to have been posted on the site in August 2006 and remained there until this October this year when they were finally discovered and reported to university officials.
The files have since been removed and secured and there is no evidence that the information has been inappropriately used, said Dennis Brown, Notre Dame's assistant vice president for news and information.
Included in the list of those affected by the breach are a "large number" of on-call and temporary employees, Brown said. All of those affected by the breach have been notified and the university has offered to pay for credit monitoring services, he said.
Notre Dame last suffered a data breach in January 2006, when unknown intruders broke into a server and accessed records belonging to an undisclosed number of individuals.
This is the second time this week that an organization has found itself in the news over an inadvertent data leak. On Sunday, a blogger discovered online a sensitive security manual containing detailed information on the screening procedures used by Transportation Security Administration agents at U.S. airports.
The document was supposed to have been redacted before it was posted on a government Web site, but wasn't.
As with the Notre Dame incident, the document was quickly removed once the lapse was reported but not before numerous copies of the document were posted at sites all over the Internet.
Though data breaches involving external hackers get most of the attention, inadvertent data exposures such as these latest examples are not all that uncommon. This June, a 267-page document listing all U.S. civilian nuclear sites, along with descriptions of their assets and activities, became available on whistleblower site Wikileaks.org days after a government Web site publicly posted the data by accident.
The sensitive, but unclassified, data had been compiled as part of a report being prepared by the federal government for the International Atomic Energy Agency (IAEA).
In another incident in October 2007, a student at Western Oregon University discovered a file containing personal data on student grades after it had been accidentally posted on a publicly accessible university server by an employee.
Numerous others breaches, including at government agencies, have also inadvertently leaked confidential and sensitive data over file-sharing networks.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!