Difference between revisions of "Housing SSN security breach"
(New page: The '''housing SSN scandal''' took place in June 2008, when it emerged that a student Housing Services employee had posted a spreadsheet of student SSNs online in February 2007. Over ...) |
|||
| Line 1: | Line 1: | ||
| − | The '''housing SSN scandal''' took place in June 2008, when it emerged that | + | The '''housing SSN scandal''' took place in June 2008, when it emerged that a spreadsheet containing the SSNs of over 5,000 had been publicly available on the internet for 16 months since February 2007. |
| − | + | The Excel spreadsheet had been posted to a website called "Google Code" by a student [[Housing Services]] employee. | |
| + | |||
| + | The spreadsheet was apparently created by Sven Hafemeister as a homework for CS4733 Computational Aspects of Robotics. Hafemeister was a SEAS comp sci major and student athlete<ref>http://www.gocolumbialions.com/ViewArticle.dbml?SPSID=43592&SPID=3876&DB_OEM_ID=9600&ATCLID=612091&Q_SEASON=2006</ref> who has since graduated. He recently took down his [[Facebook]] page. | ||
| + | |||
| + | On 10 June and 11 June 2008, over 5,000 students were sent emails informing them of this confidentiality breach. Some students were offered two years of "Identity Guard CreditProtectX3SM" credit monitoring. Other students were not offered any such service. | ||
== Email offering credit monitoring == | == Email offering credit monitoring == | ||
| − | (please | + | <blockquote> |
| + | From: studentservices-assist@columbia.edu<br/> | ||
| + | Date: 10 June 2008<br/> | ||
| + | Subject: Important Security Information<br/> | ||
| + | <br/> | ||
| + | On June 3, Columbia University's Housing and Dining department was | ||
| + | informed that one archival database file containing the housing | ||
| + | information of approximately 5,000 current and former undergraduate | ||
| + | students was found on a Google-hosted website. Google removed this file, | ||
| + | at our request, that same day.<br/> | ||
| + | <br/> | ||
| + | Columbia Public Safety investigators have concluded that this security | ||
| + | breach was unintentional. No financial data was included in the file in | ||
| + | question, and we have no evidence of wrongdoing or identity theft. It | ||
| + | appears that the file was inadvertently posted by a former student | ||
| + | employee in February 2007. Nevertheless, it is important for you to be | ||
| + | aware that your name and Social Security Number were included in the file. | ||
| + | We are very sorry for this occurrence.<br/> | ||
| + | <br/> | ||
| + | Information security is a serious issue for us, as we know it is for you. | ||
| + | Columbia University is continually strengthening its measures to protect | ||
| + | Social Security Numbers where they are required in our systems. Housing & | ||
| + | Dining manually eliminated Social Security Numbers from its online room | ||
| + | selection process and contracts in April 2007. Further, in spring 2008, | ||
| + | Columbia Housing and Dining implemented a new software system to manage | ||
| + | and improve the housing assignment, contract, and billing processes which | ||
| + | also does not use Social Security Numbers. Unfortunately, this file was | ||
| + | uploaded prior to when these changes were made.<br/> | ||
| + | <br/> | ||
| + | As an additional precaution, Columbia has arranged for you to receive a | ||
| + | free two-year subscription to a credit monitoring service, Identity Guard | ||
| + | CreditProtectX3SM. This service will provide you with a copy of your | ||
| + | credit report, monitor your credit files at all three major credit bureaus | ||
| + | (Equifax, Experian and Trans Union) and notify you of certain suspicious | ||
| + | activities that could indicate identity theft. You will receive additional | ||
| + | information about enrolling in this service in the next week.<br/> | ||
| + | <br/> | ||
| + | If you do not wish to enroll in this service, you may still choose to | ||
| + | activate a fraud alert with the major credit bureaus, or periodically | ||
| + | request a credit report to look for potential irregularities and ensure | ||
| + | that no new accounts have been activated in your name. Each agency has an | ||
| + | automated fraud alert process. If you activate a fraud alert, the agency | ||
| + | you contact will notify the other two agencies so that those agencies also | ||
| + | can place fraud alerts on your accounts. In addition, each agency will | ||
| + | provide you a copy of your credit report at no cost. The contact | ||
| + | information for the credit agencies is as follows:<br/> | ||
| + | <br/> | ||
| + | Equifax - (800) 525-6285 - www.equifax.com<br/> | ||
| + | Experian - (888) 397-3742 - www.experian.com<br/> | ||
| + | Trans Union - (800) 680-7289 - www.transunion.com<br/> | ||
| + | <br/> | ||
| + | We sincerely apologize for the inconvenience this has caused you. Please | ||
| + | know that we take the protection of your identity seriously. We are | ||
| + | confident that the changes we have made since this file was posted have | ||
| + | made all students and alumni safer.<br/> | ||
| + | <br/> | ||
| + | If you should have any questions or comments, please contact us by calling | ||
| + | 1(888) 882-7331 or by emailing studentservices-assist@columbia.edu | ||
| + | (mailto:studentservices-assist@columbia.edu).<br/> | ||
| + | <br/> | ||
| + | Sincerely,<br/> | ||
| + | <br/> | ||
| + | Scott Wright<br/> | ||
| + | Vice President<br/> | ||
| + | Student Auxiliary & Business Services<br/> | ||
| + | </blockquote> | ||
== Alternative email == | == Alternative email == | ||
<blockquote> | <blockquote> | ||
From: studentservices-assist@columbia.edu<br/> | From: studentservices-assist@columbia.edu<br/> | ||
| − | |||
Date: 11 June 2008<br/> | Date: 11 June 2008<br/> | ||
Subject: Important Security Information<br/> | Subject: Important Security Information<br/> | ||
| Line 35: | Line 103: | ||
Student Auxiliary & Business Services<br/> | Student Auxiliary & Business Services<br/> | ||
</blockquote> | </blockquote> | ||
| + | |||
| + | == References == | ||
| + | <references/> | ||
| + | |||
| + | == External links == | ||
| + | * [http://www.bwog.net/articles/hilarious_housing_dining_social_security_number_mishap Bwog: Hilarious Housing & Dining Social Security Number Mishap] | ||
| + | * [http://www.bwog.net/articles/ssn_snafu_protests_go_digital Bwog: SSNafu Protests Go Digital] | ||
| + | * [http://www.columbiaspectator.com/node/55185 Spectator: 5000 Students Informed of Online Security Breach] | ||
[[Category:Scandals]] | [[Category:Scandals]] | ||
Revision as of 03:45, 13 June 2008
The housing SSN scandal took place in June 2008, when it emerged that a spreadsheet containing the SSNs of over 5,000 had been publicly available on the internet for 16 months since February 2007.
The Excel spreadsheet had been posted to a website called "Google Code" by a student Housing Services employee.
The spreadsheet was apparently created by Sven Hafemeister as a homework for CS4733 Computational Aspects of Robotics. Hafemeister was a SEAS comp sci major and student athlete[1] who has since graduated. He recently took down his Facebook page.
On 10 June and 11 June 2008, over 5,000 students were sent emails informing them of this confidentiality breach. Some students were offered two years of "Identity Guard CreditProtectX3SM" credit monitoring. Other students were not offered any such service.
Email offering credit monitoring
From: studentservices-assist@columbia.edu
Date: 10 June 2008
Subject: Important Security Information
On June 3, Columbia University's Housing and Dining department was informed that one archival database file containing the housing information of approximately 5,000 current and former undergraduate students was found on a Google-hosted website. Google removed this file, at our request, that same day.
Columbia Public Safety investigators have concluded that this security breach was unintentional. No financial data was included in the file in question, and we have no evidence of wrongdoing or identity theft. It appears that the file was inadvertently posted by a former student employee in February 2007. Nevertheless, it is important for you to be aware that your name and Social Security Number were included in the file. We are very sorry for this occurrence.
Information security is a serious issue for us, as we know it is for you. Columbia University is continually strengthening its measures to protect Social Security Numbers where they are required in our systems. Housing & Dining manually eliminated Social Security Numbers from its online room selection process and contracts in April 2007. Further, in spring 2008, Columbia Housing and Dining implemented a new software system to manage and improve the housing assignment, contract, and billing processes which also does not use Social Security Numbers. Unfortunately, this file was uploaded prior to when these changes were made.
As an additional precaution, Columbia has arranged for you to receive a free two-year subscription to a credit monitoring service, Identity Guard CreditProtectX3SM. This service will provide you with a copy of your credit report, monitor your credit files at all three major credit bureaus (Equifax, Experian and Trans Union) and notify you of certain suspicious activities that could indicate identity theft. You will receive additional information about enrolling in this service in the next week.
If you do not wish to enroll in this service, you may still choose to activate a fraud alert with the major credit bureaus, or periodically request a credit report to look for potential irregularities and ensure that no new accounts have been activated in your name. Each agency has an automated fraud alert process. If you activate a fraud alert, the agency you contact will notify the other two agencies so that those agencies also can place fraud alerts on your accounts. In addition, each agency will provide you a copy of your credit report at no cost. The contact information for the credit agencies is as follows:
Equifax - (800) 525-6285 - www.equifax.com
Experian - (888) 397-3742 - www.experian.com
Trans Union - (800) 680-7289 - www.transunion.com
We sincerely apologize for the inconvenience this has caused you. Please know that we take the protection of your identity seriously. We are confident that the changes we have made since this file was posted have made all students and alumni safer.
If you should have any questions or comments, please contact us by calling 1(888) 882-7331 or by emailing studentservices-assist@columbia.edu (mailto:studentservices-assist@columbia.edu).
Sincerely,
Scott Wright
Vice President
Student Auxiliary & Business Services
Alternative email
From: studentservices-assist@columbia.edu
Date: 11 June 2008
Subject: Important Security Information
On June 3, Columbia University’s Housing and Dining department was informed that one archival database file containing the housing information of approximately 5,000 current and former undergraduate students was found on a Google-hosted website. Google removed this file, at our request, that same day.
Columbia Public Safety investigators have concluded that this security breach was unintentional. No financial data was included in the file in question, and we have no evidence of wrongdoing or identity theft. It appears that the file was inadvertently posted by a former student employee in February 2007. Nevertheless, it is important for you to be aware that your name and Social Security Number were included in the file. We are very sorry for this occurrence.
Information security is a serious issue for us, as we know it is for you. Columbia University is continually strengthening its measures to protect Social Security Numbers where they are required in our systems. Housing & Dining manually eliminated Social Security Numbers from its online room selection process and contracts in April 2007. Further, in spring 2008, Columbia Housing and Dining implemented a new software system to manage and improve the housing assignment, contract, and billing processes which also does not use Social Security Numbers. Unfortunately, this file was uploaded prior to when these changes were made.
As a precaution, we recommend you activate a fraud alert with the major credit bureaus, or periodically request a credit report to look for potential irregularities and ensure that no new accounts have been activated in your name. Each agency has an automated fraud alert process. If you activate a fraud alert, the agency you contact will notify the other two agencies so that those agencies also can place fraud alerts on your accounts. In addition, each agency will provide you a copy of your credit report at no cost. The contact information for the credit agencies is as follows:
Equifax – (800) 525-6285 – www.equifax.com
Experian – (888) 397-3742 – www.experian.com
Trans Union – (800) 680-7289 – www.transunion.com
We sincerely apologize for the inconvenience this has caused you. Please know that we take the protection of your identity seriously. We are confident that the changes we have made since this file was posted have made all students and alumni safer.
If you should have any questions or comments, please contact us by calling 1(888) 882-7331 or by emailing studentservices-assist@columbia.edu .
Sincerely,
Scott Wright
Vice President
Student Auxiliary & Business Services
