Texas A&M Prof Posts Partial SSNs, Grades of Former Students Online

COLLEGE STATION, Texas. On November 21, 2000, someone posted the names, scores, Grades, and last five digits of 44 students’ social security numbers on a Texas A&M server. All affected students attended Dr. Clyde Munster’s Fall 1998 Hydrologic Principles in Agriculture class (AGEN 350). The Liberty Coalition discovered the files in late November, 2007. Though the university quickly removed the files from public access after notification, copies remained online through late March, 2008 in search engine caches.

This breach fits within a common pattern where university faculty or staff use university servers to store backed-up files, assuming that since the system requires a password to upload files, that the servers are private. Unfortunately, in this instance, some of Dr. Munster’s backed-up files contained sensitive information which was made available online and picked up by search engines.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=80

No Comments

UConn Prof Posts 14 Student SSNs Online

STORRS, Connecticut. On or before July 24, 2003 former UConn Economics Professor, Dr. Stiver, loaded an Excel file to his University of Connecticut home page which contained the names, last 8 social security number digits, scores, and grades of 14 students. All of the affected individuals appeared to be Dr. Stiver’s former Economics 242 students.

University officials had already discovered the file during an internal audit in early February, 2008, before the Liberty Coalition was able to notify them of the exposure. By the time the Liberty Coalition contacted the University of Connecticut, they had already deleted the file, worked with all major search engines to clear their caches, and notified each affected student. To its credit, the University also offered each student two free years of credit checking, which is not technically required by law.

This exposure falls into a national pattern where professor will use university public servers to store sensitive personal information.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=81

No Comments

Stevens Institute of Technology Posts 9 Student SSNs Online

HOBOKEN, New Jersey. Stevens Institute of Technology professor L.E. Levine posted a file with names, Social Security Numbers and Homework scores for 7 students who apparently took his course “MA681” in the Fall of 1999. According to the server personal.stevens.edu, the files were posted on or before April, 2001. Though Dr. Levine deleted them immediately after he was notified of the exposure, the information continued to be available through March, 2008 through search engine caches.

By placing this information online, Stevens Institute of Technology has put these students at increased risk of identity theft and other forms of fraud.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=71

No Comments

University of Iowa has Another Breach

IOWA CITY, Iowa. In the second exposure of sensitive information in as many months, the University of Iowa posted sensitive student information online. Two files were discovered in January, 2008 which appear to contain the names, grades, and last four digits of nine students’ social security number were posted on the Computer Sciences Department website. All of the students appear to have attended the Summer 2001 22c-112 course, taught by Aditya Kumar Sehgal, Ph.D.

According to the server, the information was posted online since at least November, 2004. Though the university acted quickly to delete the files from their servers, copies remained available through major search engine caches through late March, 2008.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=70

No Comments

Shabazz Academy Posts K-5 Student Addresses Online

LANSING, Michigan. In late December, 2007 the Liberty Coalition discovered an excel file with the names, addresses, phone numbers, and emergency contact information for 125 students, parents, and others for Shabazz Public School Academy on their website. 69 of those affected are Pre-K through fifth grade students. Though no social security numbers or credit card numbers were exposed, some parents may be legitimately alarmed at the release of contact information for their young children.

The file was created on October 9, 2006. The school acted quickly to delete the file from their server and notify parents, but the file remained available through search engine caches until late February, 2008.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=78

1 Comment

Wright State University Prof Posts 395 Grades, 38 Partial SSNs Online

DAYTON, Ohio. The Wright State University Computer Sciences Department has posted the names and last five digits of 38 students’ social security numbers on their website. All of the students affected seem to be former students of Dr. Junghsen Lieh, Ph.D. who took Materials Engineering courses between 1997 and 2005. In addition to the partial social security numbers, the individual scores and grades for roughly 395 students are also posted.

According to Dr. Lieh, the files were made during a large backup a corrupted and damaged PC in March 2006, though many of the files are considerably older than that. This breach falls within a common national pattern of faculty who use online university servers to back up files, some of which may be sensitive in nature. The Liberty Coalition notified Dr. Lieh, the Wright State University General Counsel. Though the files were deleted from the server within 24 hours, copies remained available through Yahoo’s search engine cache until late March, 2008.

Much of the information exposed in this incident may be protected by FERPA. In addition, the last four or five digits of the social security number are used by some financial institutions and businesses to extend credit, or as passwords.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=77

No Comments

Suffolk Co., NY Posts 250 Partial SSNs Online

HAUPPAUGE, New York. On or before May 22, 2007 (and as early as March 22, 2007), the Suffolk County Government Civil Service posted the names and last four digits of 250 individuals’ social security numbers on their website. The file appeared to be a copy of an old database related to the “CF Police Lottery.” The Liberty Coalition discovered the file and notified the county government on December 14, 2007. The file was not deleted from the county server until January 30, 2008, after a second notification by the Liberty Coalition.

Following the second notification, a county representative contacted the Liberty Coalition and pledged that Suffolk County plans to change its procedure, and stop using partial SSNs as an identifying number.

The last four digits of the social security number is used by businesses to extend credit, and financial institutions sometimes use it as a password. By placing this information online, Suffolk County has placed these individuals at an elevated risk of identity theft.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=76

No Comments

NJ Lawyers Post Hundreds of SSNs Online

DENVILLE, New Jersey. Confidential consumer information somehow escaped the New Jersey law offices of Collections Lawyers Pellegrino & Feldstein, and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, social security numbers, dates of birth, addresses, account numbers, and financial information of more than 530 individuals who had interactions with Pellegrino & Feldstein in approximately 2004-2005. It also includes notes about highly private subjects, including medical conditions and employment information. The list, named “newportfolio.xls,” was posted on a number of websites, including rjrsolutions.com, cliftonrealtor.com, vdiiorio.com, cliftonrealestate.com, and anthonyc21.com on or before October 8, 2007. Although it was deleted prior to December 6, 2007, copies remained in at least two search engine caches as late as February, 2008.

All but 10 of the individuals affected by this exposure live in New Jersey. The Liberty Coalition contacted several of the victims and their attorneys, and found that the list originated from LT Asset Recovery, LLC, who in turn hired Pellegrino & Feldstein.

By allowing the personal information of these individuals to leak from their internal databases, Pellegrino & Feldstein has put these individuals at extreme risk of financial, criminal, and medical identity theft.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=75

No Comments

Former East Carolina U. Prof. Posts Info of 736 Students Online

GREENVILLE, North Carolina. On March 16, 2005 former East Carolina University math instructor Ken Butler made a temporary backup of his computer to his personal website, www.ropehouse.com. He didn’t delete the files until January 3, 2008 when the Liberty Coalition informed him that his backed-up files included the personal information of 736 students, including 412 social security numbers, in more than 60 files. Although he knew that his students’ information was backed up online, Mr. Butler believed that search engines would never find them, since he did not link directly to any of the files.

The posted files also include students’ grades, e-mail addresses. Much of the information in these files is protected by FERPA, and many of these students are at extreme risk of identity theft. Although the Liberty Coalition did not find names and social security numbers directly on ECU servers, it is alarming how so much sensitive student personal information escaped the stewardship of East Carolina University, and ended up on a private website.

While it is unclear how Google “found” the files, many people do not realize that many popular search engine toolbars act as mini “spiders” for Google when certain features are turned on. Essentially, the toolbars can report the URL of every link you visit back to the search engine, so simply by visiting a website, users can inadvertently alert Google (or other search engine) to its presence.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=74

No Comments

Salt Lake City Assisted Living Center Posts 82 Patients’ Information Online

SALT LAKE CITY, Utah. In January, 2008 Inspiration Hospice posted confidential information for 82 of its patients, and contact information for 185 caretakers on its website, inspirationhospice.com. The information was inadvertently put online in an Excel file which contained names, partial social security numbers, dates of birth, insurance numbers, medical diagnoses, addresses, phone numbers, prescriptions, and allergies, among other confidential information. The file also documented intensely personal wishes about when a patient wished to be resuscitated, family funeral plans, and even body donation. The personal nature of this exposure is particularly shocking.

When the Liberty Coalition discovered the file on January 17, 2008, it required a username and password to access, but a public copy persisted in Google’s Cache for several days. Eventually the information was deleted from inspirationhospice.com and Google’s cache. However, it is impossible to determine how many people accessed the file or search engine caches, or whether copies exist on other parts of the internet or on hard drives. By placing this information online, Inspiration Hospice has placed its patients at severe risk of identity theft, medical identity theft, fraud, or embarrassment.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=68

No Comments