How many victims? 6,675.
What type of personal information? Social Security numbers and birthdates.
What happened? A Boston University ROTC member installed a file transfer program onto a military server without permission, inadvertently exposing the personal information of thousands of ROTC members around the country. The program was installed last September, leaving the information exposed for nearly a year.
Details: The breach was discovered on July 28 by Andrew Binder, a network administrator for the California-based nonprofit medical research foundation, Alfred Mann Foundation. Binder, who is a U.S. Navy reservist, was searching the internet for software to help connect to a military website when he came upon documents that contained the personal information of ROTC members.
Binder notified the BU the same day he discovered the files and the university promptly took the server offline.
Quote: “We have done everything possible to conduct a thorough analysis of the data, notify affected individuals, and identify steps to prevent such accidents in the future,” Tracy Schroeder, BU’s vice president for information systems and technology told BU Today.
What was the response? The university has purchased an identity theft protection service to help those whose information was exposed. In addition, the school hired a third-party security firm to investigate the breach and to determine ways to prevent future exposures. Also, BU is working with the U.S. Army Cadet Command to notify all affected individuals.
Source: BU Today, http://www.bu.edu/today/, “ROTC Computer Files Found in the Public Domain,” August 20, 2009.