Archive for January, 2008

BYU Counseling Center Posts Sensitive Student Information Online

PROVO, Utah. Brigham Young University’s Counseling and Career Center appears to have exposed personal information of 89 BYU medical school applicants by placing their names and personal information on its website. The information was in an Excel file named “MD-DO-Stats-2006.xls,” which contained full names, last three digits of social security numbers, gender, economic disadvantaged status, academic majors, race, MCAT scores, an indication of whether the applicant was accepted or rejected, and other academic information.

At least some of the information posted online is covered by the Family Educational Rights and Privacy Act (FERPA). When it was discovered by the Liberty Coalition in November, 2007, the original file had already been deleted from the BYU server, but part of the file remained in Google’s Cache until early December, 2007.

Student applicants from the following universities were affected:

  • Case Western Reserve University School of Medicine
  • Dartmouth Medical School
  • Drexel University College of Medicine
  • East TN State U., James H. Quillen Coll. of Med.
  • Eastern Virginia Medical School
  • Johns Hopkins University School of Medicine
  • Loyola University Chicago Stritch School of Medicine

You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.

About SSNBreach.org

SSNBreach.org is a free online directory of victims of personal information breach, that tells you whether your personal information has been exposed.

SSNBreach.org does NOT contain sensitive data, such as Social Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Instead of storing sensitive information, we document what information was exposed, and the situation surrounding the breach. This information allows victims to further investigate, take action, or correct any harm from the exposure.

Source: https://www.ssnbreach.org/release.php?g=52

Montana State University Exposes 42 Employees’ SSNs Online

On November 1, 2007 the Liberty Coalition discovered an Excel file on the Montana State University Website containing personal information of university employees hired in August, 2006. The file is labeled “New Hire Report Aug 16, 2006,” posted by MSU Bozeman Personnel & Payroll Services: 19 Montana Hall, PO Box 172520, Bozeman, MT 59717-2529. The file contains the complete social security numbers, names, street addresses, and hire dates for roughly 42 University of Montana employees. According to the MSU Press release,

“…an independent security analyst [Liberty Coalition] informed university data security staff that an Excel spreadsheet with the names and Social Security numbers of 42 people — mostly new hires during the summer of 2006 — was available on the MSU Web site. The spreadsheet was immediately removed.”

By posting this information online, Montana State University has put these individuals at extreme risk of identity theft.

University officials removed the file immediately upon notice, and conducted an investigation. However, the university has not released the results of that investigation to the Liberty Coalition.

You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.

Source: https://www.ssnbreach.org/release.php?g=51

Liberty, KY Business May Have Exposed 1,291 Students’ Personal Info

LIBERTY, Kentucky. A former elementary school principal and proprietor of Frysc Connect and Rick’s Computer Enterprise in Liberty, Kentucky, posted a file online that appeared to contain 2,377 names, including 1,291 of his former students’ social security numbers, dates of birth, ethnicities, addresses, phone numbers, guardians’ names and other personal information. Rick claimed that he scrambled names and other information so they no longer matched. Though some of the information had apparently been scrambled, much had not.

For example, the Liberty Coalition was able to contact a few students and parents on the list by calling home phone numbers listed, and some parents’ names still matched children’s names. Because the file had been used for years for training purposes, unfortunately there is no way to determine how much of the information had been scrambled.

Even if most of the information had been scrambled, it is alarming that educators have easy access to so much of children’s sensitive personal information, and that some feel free to copy it for their own use.

The file had been shared and used for more than six years to train school employees on his product called “The Ultimate FRC/YSC Toolkit,” a software package designed to help school districts manage student personal information. All of the individuals affected by this breach live in the small town of Liberty, Kentucky. Parents who find their own names on ssnbreach.org, but fail to find one of their children’s names, may assume that the child’s record had been scrambled.

You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.

Source: https://www.ssnbreach.org/release.php?g=50

In Response to Data Breach, Cracked.com Changes Privacy Policy

NEW YORK, New York. In early October, 2007, the Liberty Coalition discovered a file containing what appears to be the names, genders, dates of birth, salary information, e-mail addresses, t-shirt sizes, and contact information for approximately 1,010 Cracked.com subscribers. The file was available to the online public: it was not password-protected, encrypted, or behind a firewall, and it did not require authentication to access. The exposure contradicted Cracked.com’s already weak Privacy Policy:

“We use commercially reasonable efforts to safeguard and secure your personal information while stored on our computer systems. We use a variety of industry standard security measures, including encryption and authentication tools, to maintain the confidentiality of your personal information. Your personal information is stored behind industry standard firewalls and is only accessible by a limited number of persons who are authorized to access such systems, and are required to keep the information confidential.” (Accessed 11 October 2007)

However, presumably in response to this breach, Cracked.com has since changed its privacy policy to disclaim all responsibility for exposing customer data:

“We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. HOWEVER, WE DO NOT GUARANTEE SECURITY. Neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. If applicable law imposes any non-disclaimable duty (if any), you agree that the standard used to measure our compliance with that duty will be one of intentional misconduct.”

Translation: “We screwed up, and we’re not going to take any responsibility for it unless you sue us. You’re on your own if we put you at risk.”

By the time the file was discovered, it had already been removed from cracked.com, but continued to be available through Google’s cache. Cracked.com was notified of the breach, and they subsequently changed their privacy policy.

You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.

Source: https://www.ssnbreach.org/release.php?g=30
