• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Miami University, Ohio, Finds Huge Online Security Breach

Posted on: Friday, 16 September 2005, 21:00 CDT

Sep. 16--OXFORD -- A report containing the Social Security numbers and grades of more than 20,000 Miami University students enrolled in the fall of 2002 has been accessible via the Internet for nearly three years.

The security breach, which involves 21,762 students on all of the university's campuses, was discovered after a Miami graduate alerted the alumni office last week, Richard Little, senior director of university communications at Miami, said Thursday.

The alumni office then notified the university's information technology office, which removed it Monday morning.

The information was accidentally posted in the public share folder of former accountancy department Chair John Cumming, according to Miami.

Public share folders allow staff to post information to the Internet via a university server. Miami officials said the information was intended for a private share folder and remained in an "isolated" area of the network.

Cumming does not remember placing the information in the public share folder, but recalls requesting the report in 2002, according to Little.

"The report is fairly standard," Little said. "Faculty members use it to see the (grade point averages) of students." Miami used students' Social Security numbers as a method to identify students prior to 2003. Now students are issued a generated identification number.

Little said Cumming's motives for requesting all 21,762 students records was a sheer mistake.

"The report itself is set to generate on an a la carte basis," Little said.

"(Cumming) didn't know how to order the things he needed. Obviously, this is one of the things we need to look at." Although it is uncertain when the report surfaced online, university officials suspect it was posted near its 2002 request. Miami online logs only date back one year.

"From the observation logs, we can say that this information was not opened for awhile," Little said.

Miami has been attempting to contact those affected by the report through e-mails and letters. While many of the affected are mostly alumni, Little said a number of current students were also affected.

Little also noted the university is taking measures to ensure this does not happen again.

"We have hundreds of Web servers that have all been double checked," he said. "ŠAll faculty and staff have received e-mails about the handling of confidential information." The breach is not overly surprising, said Dale Clark who graduated from Miami in 2004 with a degree in computer systems analysis.

"It shows the lack from a computer guy standpoint of computer understanding," said Clark. "They should just revisit some of their policies on how they handle their data." The university is working with an outside firm to help people deal with the situation. Kroll Background America, based in Nashville, Tenn., is providing toll free numbers and e-mail assistance to answer questions.

Individuals who want to contact the university through e-mail: privacyhelp@muohio.edu; or phone: (513) 529-0438; and the Web: www.muohio.edu/privacyhelp.

-----

To see more of The Journal-News, or to subscribe to the newspaper, go to http://www.journal-news.com.

Copyright (c) 2005, The Journal-News, Hamilton, Ohio

Distributed by Knight Ridder/Tribune Business News.

For information on republishing this content, contact us at (800) 661-2511 (U.S.), (213) 237-4914 (worldwide), fax (213) 237-6515, or e-mail reprints@krtinfo.com.

Source: The Journal-News

More News in this Category