Web leak entangles 7K records
By Allyson Reynolds Dixon | Enterprise-Journal
Posted: 10/14/08 - 12:00:35 pm CDT
More than 7,000 records of students and former students were left vulnerable on the Internet last week, Southwest Mississippi Community College officials said today in a news release.
The college has hired a firm to help determine the extent of the breach and notify students, whose names, Social Security numbers, addresses, genders, races and grade point averages were leaked over the Internet.
The college will contact all potentially affected people by mail, the news release said.
The breach occurred, “when a crashed server was brought back online, and some folder permissions reverted to default values, which allowed inadvertent access,” the release said. “This access was limited to several report files, but there was no access to the college’s administrative data system.
“Within a few hours of the notification, SMCC was able to correct the problem.”
The release said the college will set up a fact sheet on its Web site to assist students affected, and that the site (www.smcc.edu/info) should be available later today. The college also is making available an Identity Theft Resources Center to students, the release said.
SMCC President Dr. Oliver Young said Monday that the company, which he did not name, was hired after the college learned last Wednesday that the personal information had been inadvertently leaked over the Internet.
“Our children were on there,” said Young. “Ms. Alicia Shows had two nieces, and my son was on there. Hopefully, people don’t think anyone intentionally released this information. We go to great limits to protect our children’s information.”
Mississippi Attorney General Jim Hood said in a phone interview Monday that he could not confirm how many identities were compromised but said the college is working with his office to calm the affected parties.
Hood said Mississippi is one of six states that does not have a “breach disclosure law” in place.
The AG’s office was notified by a former student.
Hood said the breach was discovered after a man “checking up” on his girlfriend online was able to access her Social Security information.
“But now that it has happened, the question is, ‘Now what can we do?’ ” the attorney general said. “It is the duty of the college to contact every student whose identity was breached. … I think the college is responding the best that it can.”
Hood said students should put a “fraud alert” on their credit reports immediately by contacting one of the three major credit bureaus.
Young said it’s important to remember that the college began dealing with the issue once it was brought to the attention of SMCC officials.“We’re just glad ours is not an intrusion in that, as far as we know, it was not that someone hacked into our system and stole information,” Young said. “This was just accidentally released and became accessible to the public.”
School officials had initially said the breach was limited in scope — affecting about 1,000 former students over the period of a few hours.
Rob Douglas of InsideIDTheft.info said regardless of how the information became public, the breach still has threatened those involved.
“The fact that it wasn’t up there long or that not that many people might see it isn’t a good argument at all. It’s an invalid argument,” said Douglas, who monitors breaches and identity theft daily. “Once it’s on the Internet, it’s there for the whole world to see.”
Douglas said criminals create programs to monitor the Internet for Social Security numbers.
“So whether it’s 20 names or thousands, or whether it’s in a backwoods China province matters not, and the college knows that and that’s why (the college is) concerned.”
Douglas said protocol suggests that SMCC offer everyone affected at least one year’s worth of credit monitoring.China province matters not, and the college knows that and that’s why (the college is) concerned.”
Douglas said protocol suggests that SMCC offer everyone affected at least one year’s worth of credit monitoring. Young said the college’s news release would address that issue.
In the meantime, the Mississippi AG’s office offers these tips to ascertain whether you are a victim of identity theft:
• Reviewing your bank and credit accounts for unexplained charges,
• Failing to receive bills or bank statements on a timely basis,
• Receiving calls from creditors regarding accounts you never opened,
• Denial of credit despite a good credit history or other legitimate reason.
Anyone who believes they are a victim should contact the Consumer Protection Division of the Attorney General’s Office at (800) 281-4418 and request an ID Theft Packet or go to www.ago.state.ms.us/index.php/sections/consumer/identity_theft.
Anyone concerned about the breach should contact the fraud department of one of the three major credit bureaus — Equifax (800) 685-1111, Experian (888) 397-3742 or TransUnion (800) 888-4213), Hood said.
Protecting Identities
The state AG’s office offers these tips to find out whether identity has been compromised:
• Reviewing bank and credit accounts for unexplained charges.
• Failing to receive bills or bank statements on a timely basis.
• Receiving calls from creditors regarding accounts that were never opened.
• Denial of credit despite a good credit history or other legitimate reason.
Anyone who believes they are a victim should contact the Consumer Protection Division of the Attorney General’s Office at (800) 281-4418 and request an ID Theft Packet or go to www.ago.state.ms.us/index.php/sections/consumer/identity_theft.
Anyone concerned about the breach should contact the fraud department of one of the three major credit bureaus — Equifax (800) 685-1111, Experian (888) 397-3742 or TransUnion (800) 888-4213), Hood said.
|
Let us know what you think about this story or topic.
|
Your comment may not
immediately appear on this Web site. We appreciate your patience.
|
|
|
|
|
RSS
alumni wrote on Oct 15, 2008 11:22 AM: