Slashdot Mirror

← Back to Stories (view on slashdot.org)

U of C Student Information Compromised

Posted by Zonk on from the watch-your-permissions-kids dept.

fhqwhgads writes "SFTP access to the University of Chicago's web server has been temporarily blocked as Networking Services and Information Technology (NSIT) responds to 'the discovery by a campus web developer that files containing social security numbers were located on a portion of a public server that could be accessed by web developers not associated with the site.' The Chicago Maroon is reporting that this was done without escalation of privileges, and that some files were accessible from the internet."

6 of 143 comments (clear)

  1. Re:seen it before, will probably see it again. by DrinkingIllini · · Score: 2, Informative

    The University of Illinois, and many other universities I suspect, issues everyone a Unique Identification Number which basically takes the place of the SSN for all university business. Makes a hell of a lot more sense if you ask me.

  2. Google Search!! by TubeSteak · · Score: 3, Informative
    Uni & Colleges are notorious for their insecure networks.
    They practically bleed information.

    http://www.google.com/search?q=site:edu

    You can dig up SSN's, passwords, and various other juicy tidbits.

    College mailing lists are also nice treasure trove. They tend to be publicly archived, but the people mailing stuff out don't seem to be aware of the fact.

    They're also a good read just for the intra-office drama.

    --
    [Fuck Beta]
    o0t!
  3. @#$@#$ NSIT by Anonymous Coward · · Score: 1, Informative

    I *work* in Desktop support at U of C and this is how I find out about it...

  4. Same thing for Purdue University by geders · · Score: 2, Informative

    http://www.itap.purdue.edu/newsroom/news.cfm?newsI D=436

    Only affected about 11,360 current and former employees...joy. They have switched over to a new numbering system, but only a few of the computer systems can handle the new numbers. They tell us to not use the new numbers just yet. Hehe...looks like by the _end_ of 2006 they'll have switched over...

  5. Just a quick FYI by skwang · · Score: 2, Informative
    As a UC student I just want to let slashdotters know that the university does not use our SSN as our student ID.

    That doesn't excuse the networking staff from allowing this breech to occur, but I thought I would set the record straight.

  6. It happened at Purdue University just last week! by Anonymous Coward · · Score: 2, Informative

    They dubbed it affectionately the "data incident." From a few computers, hackers were able to glean 11,000 (eleven thousand!) staff records, including names, social security numbers, pants sizes, and favorite flavors of ice cream. (OK, so maybe I'm making the last two up.)

    Yes, I'm one of the disgruntled staff who must watch his credit for the rest of my life, and I'm pissed off.