Notre Dame employees' data exposed online for three years
Personal information on 24,000 staff posted on the Web from August 2006 to October 2009
Computerworld - In an embarrassing security gaffe, personal data on more than 24,000 past and present employees at the University of Notre Dame was made publicly available on the Web for more than three years.
The breach resulted when an employee inadvertently posted files containing the names, Social Security numbers and zip codes of the employees on a publicly accessible university Web site.
Files containing the data are believed to have been posted on the site in August 2006 and remained there until this October this year when they were finally discovered and reported to university officials.
The files have since been removed and secured and there is no evidence that the information has been inappropriately used, said Dennis Brown, Notre Dame's assistant vice president for news and information.
Included in the list of those affected by the breach are a "large number" of on-call and temporary employees, Brown said. All of those affected by the breach have been notified and the university has offered to pay for credit monitoring services, he said.
Notre Dame last suffered a data breach in January 2006, when unknown intruders broke into a server and accessed records belonging to an undisclosed number of individuals.
This is the second time this week that an organization has found itself in the news over an inadvertent data leak. On Sunday, a blogger discovered online a sensitive security manual containing detailed information on the screening procedures used by Transportation Security Administration agents at U.S. airports.
The document was supposed to have been redacted before it was posted on a government Web site, but wasn't.
As with the Notre Dame incident, the document was quickly removed once the lapse was reported but not before numerous copies of the document were posted at sites all over the Internet.
Though data breaches involving external hackers get most of the attention, inadvertent data exposures such as these latest examples are not all that uncommon. This June, a 267-page document listing all U.S. civilian nuclear sites, along with descriptions of their assets and activities, became available on whistleblower site Wikileaks.org days after a government Web site publicly posted the data by accident.
The sensitive, but unclassified, data had been compiled as part of a report being prepared by the federal government for the International Atomic Energy Agency (IAEA).
In another incident in October 2007, a student at Western Oregon University discovered a file containing personal data on student grades after it had been accidentally posted on a publicly accessible university server by an employee.
Numerous others breaches, including at government agencies, have also inadvertently leaked confidential and sensitive data over file-sharing networks.
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts