Shostack + Friends Blog Archive


Stanford, 9,900 SSNs, Insecure Career Center computer

The San Jose Mercury News reports that “Computer system hacked at Stanford:”

The FBI and Stanford University are investigating how someone hacked into a computer system containing information about people looking for work through the university’s Career Development Center.

University spokesman Jack Hubbard said there was no evidence that any data had actually been acquired by the hacker, but that the university is sending letters to about 9,600 clients of the career center and about 300 company recruiters to notify them about the security breach.

The database contains clients’ names, resumes, letters of recommendation and Social Security number, but no financial, credit card, driver’s license or other governmental identification information, Stanford said. Some of the recruiter records contained a credit card number, but no other confidential information.

Stanford has an FAQ, and a statement claiming that they’re preparing to be sued
exercising an “abundance of caution [in] providing written notice.”

No word on if the database designer who decided to insist on SSNs at the career center is now arguing with the unemployment people about their demand for an SSN…