OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] ME: 'Potential Breach' of Confidential Student Data (Bates College)

From: lyger (lygerattrition.org)
Date: Wed Oct 24 2007 - 10:15:11 CDT


http://media.www.batesstudent.com/media/storage/paper1116/news/2007/10/23/News/potential.Breach.Of.Confidential.Student.Data-3050562.shtml

Two publicly accessible documents that contained the record of nearly 500
recipients of the federal Perkins Loan along with each recipient's
address, date of birth, Social Security number, legal name and loan amount
were uncovered on the Bates network by The Bates Student on Oct. 13. All
that was necessary to access the files was a Bates username and password.

The information which is intended to be private could easily be used for
identification theft. Because this information could be used for this
purpose, Maine statute 1346 known as "the Notice of Risk to Personal Data
Act," enacted this past spring, requires Bates to notify the affected
students that the data has been potentially compromised. Information and
Library Services Vice President Gene Weimers was uncertain at press time
whether or not the Maine statute requires them to notify the Maine
Attorney General.

Managing News Editor Conor Hurley of The Student informed the Student
Financial Services Office (SFS) that the documents were publicly available
on Oct. 15. The SFS Office claims to not have received Hurley's
correspondence and the documents remained on the server. When Hurley
contacted the SFS Office Monday, it attributed the mistake to the
Information and Library Services Office but declined further comment.

[...]
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml