Google search could have revealed Yale personal data

Share this article:

A Google search could have yielded the personal information of tens of thousands of people connected to Yale University in New Haven, Conn.

How many victims? 43,000 students, faculty, staff and alumni affiliated with the university in 1999.

What type of personal information? Names and Social Security numbers.

What happened? A file contained on a server was publicly searchable via Google for 10 months.

Details: The data was stored on a file-transfer protocol (FTP) server, which became searchable last September when Google began indexing FTP servers. Most of the information belonged to people who worked at Yale in 1999. It is unclear how many times the file was accessed, but school officials said it contained an "inconspicuous" name.

What was the response? The university created a center to handle questions from affected individuals, and is offering them two years of free credit monitoring and identity theft services.

Quote: "We immediately blocked that server from the internet, removed the file and did a complete scan of the server to make sure there were no additional at-risk files," IT Services Director Len Peters said.

Source: yaledailynews.com, Yale Daily News, "Yale affiliates' SSNs were searchable on Google," Aug. 17, 2011.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in The Data Breach Blog

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.