Because I am Here

GREENVILLE, North Carolina. On March 16, 2005 former East Carolina University math instructor Ken Butler made a temporary backup of his computer to his personal website, www.ropehouse.com. He didn’t delete the files until January 3, 2008 when the Liberty Coalition informed him that his backed-up files included the personal information of 736 students, including 412 social security numbers, in more than 60 files. Although he knew that his students’ information was backed up online, Mr. Butler believed that search engines would never find them, since he did not link directly to any of the files.

The posted files also include students’ grades, e-mail addresses. Much of the information in these files is protected by FERPA, and many of these students are at extreme risk of identity theft. Although the Liberty Coalition did not find names and social security numbers directly on ECU servers, it is alarming how so much sensitive student personal information escaped the stewardship of East Carolina University, and ended up on a private website.

While it is unclear how Google “found” the files, many people do not realize that many popular search engine toolbars act as mini “spiders” for Google when certain features are turned on. Essentially, the toolbars can report the URL of every link you visit back to the search engine, so simply by visiting a website, users can inadvertently alert Google (or other search engine) to its presence.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=74

SALT LAKE CITY, Utah. In January, 2008 Inspiration Hospice posted confidential information for 82 of its patients, and contact information for 185 caretakers on its website, inspirationhospice.com. The information was inadvertently put online in an Excel file which contained names, partial social security numbers, dates of birth, insurance numbers, medical diagnoses, addresses, phone numbers, prescriptions, and allergies, among other confidential information. The file also documented intensely personal wishes about when a patient wished to be resuscitated, family funeral plans, and even body donation. The personal nature of this exposure is particularly shocking.

When the Liberty Coalition discovered the file on January 17, 2008, it required a username and password to access, but a public copy persisted in Google’s Cache for several days. Eventually the information was deleted from inspirationhospice.com and Google’s cache. However, it is impossible to determine how many people accessed the file or search engine caches, or whether copies exist on other parts of the internet or on hard drives. By placing this information online, Inspiration Hospice has placed its patients at severe risk of identity theft, medical identity theft, fraud, or embarrassment.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=68

GLASSBORO, New Jersey. A Rowan University professor has posted several files containing personal information for 370 Rowan University students, including 172 Social Security Numbers, 95 Dates of Birth, and 310 addresses. The files also include GPAs, phone numbers, Majors, e-mail addresses, grades, phone numbers, and physical fitness information (such as Bench Press abilities, for example).

The files have been online for several months to several years, as early as November 17, 2004. By placing this information online, Rowan University has put these students at severe risk of identity theft, fraud, and other forms of risk.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=65

AMES, Iowa. In early December, 2007 Iowa State University posted the names, social security numbers, scores, and grades of 26 former students on its website. The students all appear to have taken the course “ME 325″ in the Spring of 2001 from Gloria Starns. The information, along with e-mail addresses has been posted on iastate.edu for six years, since January 10, 2002. Much of the information in the files may be protected by FERPA, and all of it is sensitive. By placing students’ names and social security numbers online, Iowa State University has put these 26 students at severe risk of identity theft and other kinds of fraud.

Paragraph 3.1.2. of the Iowa State University Code of Computer Ethics indicates that Iowa State University does not have a regular policy of searching text and non-text based files on public servers to determine whether they may contain sensitive information. Especially in this instance, where a faculty member accidentally posted sensitive information six years ago and had likely forgotten about the information, the University is in the best position to catch breaches when they occur, before search engines index the files.

Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=63

IOWA CITY, Iowa. The College of Engineering Student Development Center has posted personal information of 321 University of Iowa students on its website, including 215 social security numbers. The social security numbers were contained in an Excel file which also included names, GPAs, e-mail addresses, student ID numbers, and other academic information. Most of the affected students appear to be seniors who applied for graduation in Spring 2006. By placing this information online, the University of Iowa has put these students at extreme risk of identity theft or other forms of fraud.

The file was created on February 27, 2006, and placed online on or before March 15, 2006. According to the web server, it was on University of Iowa’s servers for almost two years without internal detection. It was one file among course listings and curriculum information for the College of Engineering.

Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=64

CORVALLIS, Oregon. In December, 2007 the Liberty Coalition discovered sensitive personal information of 33 students and faculty on a University of Oregon Web server, including 19 social security numbers. The individuals affected appear to be participants in the 2006 NASA Robotics Academy in Maryland, under the direction of Melissa Jenson-Morgan. The personal information, which includes names, SSNs, phone numbers, GPA, Academic Majors, and other information, was placed in an Excel file on oregonstate.edu and indexed by major search engines.

Individuals on this list are at increased risk of identity theft.

Individuals affected by this breach should immediately vist www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=61

DARTMOUTH, Massachusetts. In December, 2007 the Liberty Coalition discovered the names, grades, GPA, and partial social security numbers for 32 former students of Phuong Tu, probably from the Fall, 2004 CIS 100 class. Ironically, the sensitive information was contained posted on the Computer and Information Science Department’s main web server. In the file, students’ complete social security numbers appeared to be listed, with only the first number replaced by a zero.

By placing this information online, the University of Massachusetts Dartmouth has put these students at increased risk of identity theft.

Individuals affected by this breach should immediately vist www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=60

OSAN, Korea. The Liberty Coalition currently has no explanation how confidential US Army personnel data leaked out of Army control, and ended up posted on a Korean Chat forum. The file, named “602d_Warhorse_Tracker.xls” contains personal information of 1,197 servicemen and women stationed in Camp Humphreys, and has been posted in an Excel file on the Korean Language Chat forum, excellove.com. Camp Humphreys is located approximately 40 kilometers south of Osan, South Korea.

The file contains the full names, social security numbers, dates of birth, genders, married status, and other logistic information (such as MOS, DEROS, Gain Date, Anniv., Departure Date, UNIT, Location, Section, Position, and ETS). 602d_Warhorse_Tracker.xls contains a “Warhorse Tracking Matrix,” as well as a “Monthly Unit Manning Report,” whose unit POC is “SFC LaMorie.” According to the Excel Meta properties, the file was created on February 10, 2005, and was authored by “thomas.lark” of the 194TH-MAINT-BN, and seems to contain information about members of the 602D.

By allowing this information to leak from its systems, Camp Humphreys has put these individuals at extreme risk of identity theft and other dangers. Neither the Army nor Excellove.com responded to the Liberty Coalition’s notifications.

Individuals affected by this breach should immediately vist www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

MADISON, Wisconsin. In late November, 2007 that Liberty Coalition discovered the names, scores, and Grades of 196 students of Professor Yu Hen Hu’s ECE 734 classes between 1994 and 2006. The information was posted in Excel files on a University of Wisconsin - Madison server. According to the server, the files had been online for several years. Students affected by this breach are NOT at special risk of identity theft.

This breach fits within a common national pattern where university faculty or staff use university servers to store backed-up files, and later forgetting them or assuming that they are not available to the public. Unfortunately in this instance, some of Professor Hu’s backed-up files contained sensitive information which was made available online and was picked up by search engines.

You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.

About SSNBreach.org

SSNBreach.org is a free online directory of victims of personal information breach, that tells you whether your personal information has been exposed.
SSNBreach.org does NOT contain sensitive data, such as Social Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Instead of storing sensitive information, we document what information was exposed, and the situation surrounding the breach. This information allows victims to further investigate, take action, or correct any harm from the exposure.

Source: https://www.ssnbreach.org/release.php?g=56

GRISSOM ARB, Indiana. A Grissom Air Reserve Base weather station supervisor recently posted sensitive personnel information on his personal website, www.0cool.net. The Excel file contained contact information for 11 individuals, including seven social security numbers, dates of birth, drivers license numbers, and other information. The Liberty Coalition contacted one employee who explained that he had found the information by Googling himself days earlier. He talked to the supervisor, who explained that the file was a failed attempt at creating a random number generator. For some reason the Supervisor used fellow employees’ sensitive data for testing purposes. As a result, his fellow workers are now at extreme risk of identity theft. The Liberty Coalition was unable to reach the Supervisor directly.

The file had been deleted when the Liberty Coalition discovered it, but the information remained in Google’s cache for several weeks.

Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=62