Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cornell Computer Theft Puts 45,000 At Risk of Identity Theft

Posted by timothy on from the into-the-gorges-with-the-thief dept.

PL/SQL Guy writes "This afternoon, Cornell alerted over 45,000 current and former members of the University community that their confidential personal information — including name and social security number — had been leaked when a University-owned computer was stolen. A Cornell employee had access to this data for troubleshooting purposes, and the files storing the sensitive information were being stored on a computer that was not physically secure. The university is not disclosing details about the theft. This isn't the first breach for Cornell; last June, a computer at Cornell used for administrative purposes was hacked, and the University alerted 2,500 students and alumni that their personal information had potentially been stolen."

4 of 91 comments (clear)

  1. Keeping User Data in a University.... by introspekt.i · · Score: 4, Insightful

    Is like trying to hold water in a sifter. It's only a matter of time before some doofus puts an .xls file with everybody's info into a web share and then says "hackers compromised the [publicly available] private student data". Not like I haven't had any experience with this....or anything.

    1. Re:Keeping User Data in a University.... by LaskoVortex · · Score: 5, Interesting

      I was once emailed word file with about 300 student's names, birthdates, social security numbers, and yes, user passwords for their university accounts. It was not encrypted and it was unsolicited--she needed help "opening" it. I promptly encrypted the file, deleted the original from my pop account, and then went to her computer and changed the name to have a ".doc" suffix. She was magically able to open it after that.

      These are the people we entrust with our sensitive information.

      --
      Just callin' it like I see it.
  2. Social security numbers are worthless by Jimmy_B · · Score: 4, Interesting

    At this point, social security numbers are so widely distributed that the only sensible thing to do is to publish them all in the phone book, so no one will be able to pretend they mean anything. If a scammer wants to use someone else's identity to defraud a bank, then the black market will sell them cheap and in bulk. The real problem is that creditors are allowed to issue debts without attempting to contact the person whose name they're using, and then try to collect those debts when the scammer runs off with the money.

  3. I was one of the 45K by Anonymous Coward · · Score: 5, Insightful

    It is extremely frustrating. I encrypt my personal data when it is under my control. It is unforgivable that an institution that I pay this much can't do the same.