Shostack + Friends Blog Archive


University of Chicago, 24,000+ SSNs, Unsecured File server

The action is motivated by the discovery by a campus web developer that files containing social security numbers were located on a portion of a public server that could be accessed by web developers not associated with the site. He had pointed this out last November, at which time all of the several dozen files were believed to have been moved to more secure networks. Last week, however, the same web developer found that several of the files were found to be still on the server.

“These files have now all been moved to secure locations, and we also feel confident that the information in these files was not misused,” said Bob Bartlett, Director of Network Based Services for Networking Services and Information Technologies.

From University of Chicago, via Slashdot.
[Update: Thanks to DM for a pointer to the Chicago Maroon story, “Private records discovered on server,” which says it affects all alumni from 1990-2002, and all students enrolled in autumn quarter, 2002. DM also says there are roughly 1,000 students admitted each year, and 8,000 grad students at a given time, for a roughly estimated total of 24,000 or more.]