August 24, 2011 – Yale University has plugged a security breach that leaked the names and Social Security Numbers of 43,000 members of its faculty and students. Some are blaming the breach on Google. But Google was just doing what Google does best; searching the internet. It would appear that responsibility for the breach lies solely with the university. There is a lesson to be learned in this story for anyone storing data online. Even if you think it’s safe, it may not be.

Tweet

The data breach appears to have begun nearly a year ago; in September, 2010. Yale University had a rather innocuously named file sitting on an FTP server that was used for distribution of open source material. The university hadn’t been worried about the file –which contained the full names and SSNs of 43,000 people - since search engines don’t typically index FTP servers.  What the university didn’t know was that Google was about to change its search parameters. Oops!

The file remained on the server, completely unprotected, for the next ten months. Once the university finally discovered the issue, they shut down the FTP server.

As previously mentioned, some people are blaming Google for this breach. But the real issue here is a continuing cavalier attitude by some with regard to storing sensitive personal information. IT departments everywhere need to take notice. Any file that is available online is a file at risk. In fact, just because Google hadn’t been indexing FTP servers prior to last year doesn’t mean that hackers haven’t been indexing them for some time. There is just absolutely no way to tell.  

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow me on Twitter: