25 Aug 2011

Yale computer security lapse compromises Social Security numbers

Yale University faces tough questions after recently discovering an internet file accessible via Google contained the names and Social Security numbers of about 43,000 students, faculty, staff and alumni.

The personal information was compromised because the university's computer security experts were unaware of a change in Google's indexing system. Len Peters, the school's information technology services director, told the Yale Daily News he and his staff did not know that in September, 2010, Google began to index file transfer protocol servers of the type containing the sensitive file.

Peters said the file was removed from the web immediately after it was discovered on June 30, and the server was checked to ensure no other confidential data was present. He said all the affected parties have been notified and offered free credit monitoring and identity theft insurance.

Another college, the University of Wisconsin-Milwaukee, recently notified about 75,000 students and employees whose names and Social Security numbers were compromised by a malware attack.

Many prominent universities, including Harvard, Princeton and Cornell, appear on the list of hack victims on the Rank My Hack website, which awards users points for successful attacks. Yale does not appear on the site's victim roster.