Archive for September, 2007

Jordanian Social Networking Site: 187 Identities Exposed

In late August, 2007, the Liberty Coalition discovered a text file containing sensitive personal information for approximately 187 people, posted by a user on the Jordanian social networking site, Jeeran.com. This file contained names, addresses, phone numbers, social security numbers, Mothers’ maiden Names, Drivers License Numbers, Dates of Birth, Credit Card information, ATM Pins, Bank Accounts, PayPal account information, and other sensitive data. On October 1, 2007, Jeeran.com President & Co-founder Omar F. Koudsi e-mailed SSNBreach.org to emphasize that they “quickly… co-operated in removing the data.” Jeeran.com did in fact remove the information within 48 hours of notification. However, they have not confirmed how long the file was available on their recalcitrant user’s site.

Individuals on this list were most likely victims of a “phishing” scam, where a malicious individual sets up a website that looks exactly like a merchant’s website (like paypal), in order to lure the victim into revealing sensitive information.

You can find out whether you were affected by this breach, at www.ssnbreach.org.

2 Comments

Iowa State Legislature Puts 109 Military at Risk of ID Theft

In September, 2007 the Liberty Coalition discovered a pdf report on the Iowa Legislature General Assembly website, containing the names, social security numbers, and employment information for approximately 109 members of the military. The report was to the members of the Legislative Fiscal Committee, from Steve Linder, Chief Operating Officer, State Accounting Enterprise. Subject: Monthly Military Pay Differential Report.

The page was taken down within a few business hours of notification, by the Iowa State Legislature Webmaster, and the webmaster requested that the link be removed from search engine caches.

Individuals affected by this breach can get a personalized Information Exposure Report at www.ssnbreach.org.

About SSNBreach.org
SSNBreach.org is an online directory of victims of personal information breach. SSNBreach.org does NOT contain sensitive data, such as Social Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Instead of storing sensitive information, we document what information was exposed, and the situation surrounding the breach. This information allows victims to further investigate, take action, or correct any harm from the exposure.

No Comments

Temple University Breach Affects 90 Former Students

In September, 2007 the Liberty Coalition discovered two files containing partial social security numbers, grades, passwords, and other sensitive personal information for about 90 students at Temple University. All of the files were posted in the Computer Information System department, in a folder called “~shi.” The University was notified, and removed the files within a few business hours of notification, and requested search engines purge their caches. The files appeared to be a list of students enrolled in Spring 1998.

On September 26, University Privacy Officer Robert Edamala notified the Liberty Coalition that the university has

“…requested audits of their systems… [and] that faculty and staff arrange for, and attend, a seminar on Information Security and Privacy… Temple University is sensitive to the issue of privacy and has formulated policies and procedures that cover the handling, transmittal and storage of confidential information. In addition, for the past few years, we have dedicated the month of October to Information Security and Privacy Awareness, during which we hold educational campaigns on the topic.”

Individuals affected by this breach can get a personalized Information Exposure Report at www.ssnbreach.org.

No Comments

Naval Postgraduate School Breaches 1,058 Records

SSNBreach.org reports that in August, 2007 two Excel files containing what appeared to be personal information of up to 1,058 students was found on a website belonging to the Naval Postgraduate School. The file appeared to contain students’ full names, ranks, the last four digits of the student’s SSN, graduation dates, curriculum information, e-mail, phone number, and other information. The Dean of Students was notified, and the file was removed within hours.

About two weeks after the first file was discovered, another file containing similar sensitive information was discovered in the same directory. The school was again notified.

Individuals affected by this breach can search for their names at www.ssnbreach.org.

No Comments

Rutgers University Breaches 227 Personal Records

On August 31, 2007, the Liberty coalition discovered files posted on rutgers.edu that contain sensitive personal information. The four files appear to contain the full names, social security numbers, assignment scores, test scores, course grades, and other highly sensitive information for up to 227 students at Rutgers University. The files largely appear to be grading sheets for students of Wenxuan (Bill) Zhang, PhD Candidate/Teaching Assistant, Department of Computer Science.

Mr. Zhang, the University, and the FBI were all notified. Mr. Zhang acted immediately to take the files off line, and the university requested major search engines clear their caches, which appeared to clear after roughly two weeks.

Individuals affected by this breach can search for their names at www.ssnbreach.org.

No Comments

University of South Carolina Breaches 3,199 Personal Records

SSNBreach.org reports that the University of South Carolina’s Department of Biological Sciences, posted 18 files containing the full names, social security numbers, assignment scores, test scores, course grades, indications of academic misconduct, and other highly sensitive information for up to 3,199 students at the University of South Carolina.  Many of the files were indexed by major search engines, which have since been cleared.

The University of South Carolina and FBI were notified of the breach, and the University took immediate action to removed the files from the website. Though the university has not yet responded to Liberty Coalition alerts, we assume that they have requested major search engines clear their caches.

Individuals who have been affected by this breach can search for their names at SSNBreach.org for more information.

No Comments