SSN security breaches

From WikiCU
Jump to: navigation, search

Social Security Number security breaches are a hilarious recurring feature of life at Columbia. Leaks have been reported in October 2005, April 2007, June 2008, February 2010, September 2010, and April 2012.

In October 2005, Columbia's student advising center sent an email to the entire senior class with a survey on extra-curricular activities conveniently pre-filled with a student's information and social security number.[1] This came only weeks after the Spectator reported that CUIDs were linked to SSNs, and that Columbia was the only Ivy League school maintaining this insecure practice.[2]. Of course, Columbia's crappy information security had cropped up the previous year when CUIT predecessor AcIS replaced directory information for over 4000 students with their work-study employment information, though not their social security numbers.[3]

In April 2007, it was revealed that Housing and Dining Services had left years of resident information, including Social Security numbers for up to 2,600 students, on an unsecured web server.[4] Lisa Hogarty, executive vice president for Student and Administrative Services, said "If you had to have a breach, this is the best kind to have." Awesome!

Of course what they didn't know at the time was that in February 2007, a student employee had inadvertently left a file with **5,000** student social security numbers accessible via Google Docs. But they found out 16 months later![5]

Are we done yet? Nope! In February 2010 three laptops with 1,400 student, alumni, and prospective student social security numbers were stolen from Columbia offices.[6] Then to make things worse, the medical center decided to go ahead and expose 'snippets' of data, including SSNs, of 6,800 patients.[7]

And then CUIT published the SSNs and other personal information of 3,500 members of the Columbia community again in April 2012.[8]