Forgot your password?
typodupeerror
Privacy Education Your Rights Online

Cornell Computer Theft Puts 45,000 At Risk of Identity Theft 91

Posted by timothy
from the into-the-gorges-with-the-thief dept.
PL/SQL Guy writes "This afternoon, Cornell alerted over 45,000 current and former members of the University community that their confidential personal information — including name and social security number — had been leaked when a University-owned computer was stolen. A Cornell employee had access to this data for troubleshooting purposes, and the files storing the sensitive information were being stored on a computer that was not physically secure. The university is not disclosing details about the theft. This isn't the first breach for Cornell; last June, a computer at Cornell used for administrative purposes was hacked, and the University alerted 2,500 students and alumni that their personal information had potentially been stolen."
This discussion has been archived. No new comments can be posted.

Cornell Computer Theft Puts 45,000 At Risk of Identity Theft

Comments Filter:
  • by Anonymous Coward on Wednesday June 24, 2009 @07:47PM (#28460779)

    You'd think, the university that created the Cornell Spider -- http://www2.cit.cornell.edu/security/tools/ -- Would be more diligent to push that out on all their machines. But I work in the *real* world and know all about theory and practice.

  • by Anonymous Coward on Wednesday June 24, 2009 @09:59PM (#28461787)

    Cornell still uses the Cornell student ID (printed on your ID card) for everything internal. If someone knows that, they can -- with a little social engineering -- pretty much impersonate you for any in-person campus service like manually changing your schedule or getting meals in your name (if you have a meal plan).

    I assume they need SSNs for any students they employ. Also, every college I applied to required it on the application as a unique identifier because they do not want to deal with names (your SSN is on every single page of the common app [wikipedia.org]).

  • by Anonymous Coward on Wednesday June 24, 2009 @11:06PM (#28462357)

    Fedora has full disk encryption, any newbie can activate it.

    What is wrong with these people?

  • by Anonymous Coward on Wednesday June 24, 2009 @11:46PM (#28462589)

    I've been reading about similar stuff happening at other places but I didn't think it would occur at Cornell. They are generally pretty good about IT/Security stuff. In any case, the email they sent out links to this FAQ:
    http://faq-june2009.cuinfo.cornell.edu

    Turns out that it wasn't so much the universities fault as it was the fault of some idiot IT person. An excerpt from the FAQ :

    5. Why was this information on a computer?

    A member of the Cornell technical staff, who is responsible for supporting our central administrative systems, was using these files to correct transmission errors found in the processing of the files. The data was being used for troubleshooting. Cornell's information security policies and guidelines do not allow unencrypted confidential personal data to be stored on any computer device that is not in a physically secured location. This employee's actions, although unintentional, violated our policy and practices.

    At least they are being nice and providing us with a service that will let us monitor our credit history. Great stuff... one more thing to worry about while trying to finish with my dissertation!

Wherever you go...There you are. - Buckaroo Banzai

Working...