Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another School Exposes Private Information

Posted by CowboyNeal on from the open-door-admissions dept.

DutchSter writes "In the wake of other schools announcing the theft of hardware containing sensitive student information, Miami University, of Oxford, Ohio, has announced that a file containing the name, Social Security number, the grade point average for the Fall 2002 semester, cumulative grade point average, and other related academic information, such as credit hours attempted that semester, for all 21,000 students who attended the Fall 2002 term has been available on a web server for the last three years. The discovery was made this week and the university is taking steps to deal with the fall-out sure to come."

4 of 298 comments (clear)

  1. Private information by Zouden · · Score: 5, Insightful

    I know this is a major breach of privacy/security, but I'm curious about what kinds of malicious things one could do with this information.
    It seems to me that the only useful thing is the names/SSN combination.
    Unless you could blackmail some poorly-achieving students by threatening to tell their parents their real marks?

    --
    "A week in the lab saves an hour in the library"
  2. Just say 'No' to giving schools the SSN by schwit1 · · Score: 5, Insightful

    No school needs an SSN. For that matter just say no to giving it to anybody but the IRS and your financial institutions. Your doctor doesn't need it. The gas company doesn't need it. Cingular and Earthlink don't need it.

    1. Re:Just say 'No' to giving schools the SSN by steelfood · · Score: 4, Insightful

      I think it has something to do with financial aid, work study, etc.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  3. Re:Who are they hiring? by globalar · · Score: 5, Insightful

    A lot of times it is not administrators who are directly doing this (i.e. its much bigger than one person or they have no real way of knowing). Information security is far more than simply one person's job. Everyone who has access to information - even the poor grad student who does backups on Sunday nights - should be responsible in some way for security.

    It takes a lot of work to make strong, accountable policies and carefully define simple, but narrow ways of accessing information (i.e. not just dumping the student records excel file in the share folder). For example, everyone on campus has network access which is most often directly linked to online access. If one person screws up and misuses their data access priveleges by opening up information over the network, it is very hard to tell unless you have accountability in place. And how many places do security reviews?

    When it becomes part of people's jobs to protect information, it will become a responsibilty. Right now, blaming one or two people is rarely a good solution. It's like someone who blames an outsourced medical transcripts worker in Pakistan for leaking information. Sure, it is there fault but the problem is much larger than one low-paid worker. Executive or peon, security is a group responsibility in information-rich, networked environments.