P.I.: The Tale of Two Universities
PRIVATE EYE: Two small examples of a problem too large to ignore.
Universities are the forefront of society. We place our hope for the future in the brightest minds - both students and instructors. Forward thinking, concerned with the issues of today, and solving the problems of tomorrow is how I like to envision our institutions of higher learning. So they are aware of identity theft and the need to protect an individual's personal data, right? Think again.
Story #1: The University of Northern Colorado announced that a computer hard drive is missing. They are not sure if it was stolen, thrown away, or misplaced. What they do know is the disk contained the personal information of 15,790 employees - a list that dates back to 1997. What sort of information? Just the usual employee data: name, address, bank account numbers, Social Security Numbers, etc.
I know some of you are saying "University of Northern Colorado"?!?! Not exactly your Ivy League university is it? Well listen up you academia snobs to the next story.
Story #2: Harvard University (yes that Harvard) just pulled the University Health Services (UHS) Pharmacy website because students and employees' drug history was accessible via the Internet. All it took was the non-confidential student number and birth date. Per the article at TheCrimson.com, undergraduate birth dates are published to fellow students.
One of the laws of programming is "you can never prove a program is bug-free, you can only prove it has bugs" and there are reams of statistical data showing the number of undiscovered bugs is directly proportional to the number of discovered bugs. So how many more privacy breeches are out there waiting to be discovered by the white hats? How many are being exploited right now by the black hats? How many have YOUR data?
It doesn't really matter if it is unsecured data on a website or unsecured hardware with data, the bottom line is we all need to be more cognizant of our private data.
Are you getting paranoid yet?
Universities are the forefront of society. We place our hope for the future in the brightest minds - both students and instructors. Forward thinking, concerned with the issues of today, and solving the problems of tomorrow is how I like to envision our institutions of higher learning. So they are aware of identity theft and the need to protect an individual's personal data, right? Think again.
Story #1: The University of Northern Colorado announced that a computer hard drive is missing. They are not sure if it was stolen, thrown away, or misplaced. What they do know is the disk contained the personal information of 15,790 employees - a list that dates back to 1997. What sort of information? Just the usual employee data: name, address, bank account numbers, Social Security Numbers, etc.
I know some of you are saying "University of Northern Colorado"?!?! Not exactly your Ivy League university is it? Well listen up you academia snobs to the next story.
Story #2: Harvard University (yes that Harvard) just pulled the University Health Services (UHS) Pharmacy website because students and employees' drug history was accessible via the Internet. All it took was the non-confidential student number and birth date. Per the article at TheCrimson.com, undergraduate birth dates are published to fellow students.
One of the laws of programming is "you can never prove a program is bug-free, you can only prove it has bugs" and there are reams of statistical data showing the number of undiscovered bugs is directly proportional to the number of discovered bugs. So how many more privacy breeches are out there waiting to be discovered by the white hats? How many are being exploited right now by the black hats? How many have YOUR data?
It doesn't really matter if it is unsecured data on a website or unsecured hardware with data, the bottom line is we all need to be more cognizant of our private data.
Are you getting paranoid yet?
0 Comments:
Post a Comment
<< Home