Forgot your password?
typodupeerror
Privacy Education Your Rights Online

Cornell Computer Theft Puts 45,000 At Risk of Identity Theft 91

Posted by timothy
from the into-the-gorges-with-the-thief dept.
PL/SQL Guy writes "This afternoon, Cornell alerted over 45,000 current and former members of the University community that their confidential personal information — including name and social security number — had been leaked when a University-owned computer was stolen. A Cornell employee had access to this data for troubleshooting purposes, and the files storing the sensitive information were being stored on a computer that was not physically secure. The university is not disclosing details about the theft. This isn't the first breach for Cornell; last June, a computer at Cornell used for administrative purposes was hacked, and the University alerted 2,500 students and alumni that their personal information had potentially been stolen."
This discussion has been archived. No new comments can be posted.

Cornell Computer Theft Puts 45,000 At Risk of Identity Theft

Comments Filter:
  • by Jimmy_B (129296) <slashdot@jimrandom h . o rg> on Wednesday June 24, 2009 @06:28PM (#28459837) Homepage
    At this point, social security numbers are so widely distributed that the only sensible thing to do is to publish them all in the phone book, so no one will be able to pretend they mean anything. If a scammer wants to use someone else's identity to defraud a bank, then the black market will sell them cheap and in bulk. The real problem is that creditors are allowed to issue debts without attempting to contact the person whose name they're using, and then try to collect those debts when the scammer runs off with the money.
  • by LaskoVortex (1153471) on Wednesday June 24, 2009 @06:34PM (#28459913)

    I was once emailed word file with about 300 student's names, birthdates, social security numbers, and yes, user passwords for their university accounts. It was not encrypted and it was unsolicited--she needed help "opening" it. I promptly encrypted the file, deleted the original from my pop account, and then went to her computer and changed the name to have a ".doc" suffix. She was magically able to open it after that.

    These are the people we entrust with our sensitive information.

  • I wonder (Score:2, Interesting)

    by Anonymous Coward on Wednesday June 24, 2009 @06:43PM (#28460013)

    how many times identity theft isn't reported, the high school I went to had a case reported that some kids had stolen the SS numbers from the schools network. I know because I was called in and questioned about it. I didn't do it, and I don't know if they ever found out, I don't think they did as no one was expelled. The IT Department was totally fucked though as a network with vulnerability like that was... well you get the idea.

                  I was on the network and saw some teachers files however, so I wonder if some other kids got further than I did. I knew not to let my, "young curiosity" go any further. College applications, let alone scholarships were at stake and fooling around the network like that was not worth not going to college.

                    My point being, this was reported, and the results were inconclusive, what if they questioned the person who actually got the SSN's, and he got away with it. I wonder if a few credit cards in my name will be opened up in Asia in a few years, or already.

  • by hairyfeet (841228) <bassbeast1968@@@gmail...com> on Thursday June 25, 2009 @01:21AM (#28463055) Journal

    It isn't just universities. One Sunday I'm relaxing with a smoke after having to come into class to help those behind when I get a call "Where yo at?" I'm at class, just got done. Why? "You ain't gonna believe this shit. I'm about 10 blocks north of you. You got your truck?" yep, what else would I drive? "Good. Get over here NOW"

    So I get over there to where Chuck works at and the Teleco next door has put out a ton of 1.5-3Ghz boxes out on the curb. Being a nice Sunday and I don't mind a little exercise for some free parts I helped Chuck load them up, in return for picking a couple of the nicer ones for me of course. We get them to his place, unload them and I say "let's fire them up to see if any has an OS or if they have been stripped. Now not only do these boxes still have the nice little XP Pro OEM stickers on them, but the OS is STILL installed and they didn't bother deleting squat. Accounts, CC numbers, the whole nine yards was just sitting their unencrypted on the drives. Most didn't even need a username to log on. Lucky for them we just wanted the PCs and not the data or we could have had ourselves an ID theft field day.

    So it isn't just the schools. Over the years you'd be surprised how many "throw aways" I've ended up with that had major data on them. CC numbers, bank accounts, just stupid the amount of data they leave. I'm frankly shocked that MORE data theft hasn't occurred than what we have seen. I guess a lot of the guys are like me and just want a free PC and wipe the suckers.

"You don't go out and kick a mad dog. If you have a mad dog with rabies, you take a gun and shoot him." -- Pat Robertson, TV Evangelist, about Muammar Kadhafy

Working...