August 23, 2011

Google search could have revealed Yale personal data

A Google search could have yielded the personal information of tens of thousands of people connected to Yale University in New Haven, Conn.

How many victims? 43,000 students, faculty, staff and alumni affiliated with the university in 1999.

What type of personal information? Names and Social Security numbers.

What happened? A file contained on a server was publicly searchable via Google for 10 months.

Details: The data was stored on a file-transfer protocol (FTP) server, which became searchable last September when Google began indexing FTP servers. Most of the information belonged to people who worked at Yale in 1999. It is unclear how many times the file was accessed, but school officials said it contained an "inconspicuous" name.

What was the response? The university created a center to handle questions from affected individuals, and is offering them two years of free credit monitoring and identity theft services.

Quote: "We immediately blocked that server from the internet, removed the file and did a complete scan of the server to make sure there were no additional at-risk files," IT Services Director Len Peters said.

Source: yaledailynews.com, Yale Daily News, "Yale affiliates' SSNs were searchable on Google," Aug. 17, 2011.

Previous Post
Next Post
Similar Articles
Related Topics
Related Links
close

Next Article in The Data Breach Blog

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.