Accidental Disclosure of USC Student Data on Internet

Test scores, Social Security numbers, and other confidential information belonging to almost 1,500 students of University of South Carolina (USC) leaked on the Web and became accessible through Google search engine during the 8-9 months of 2007.

After becoming aware of the data breach on September 5, 2007, university officials, who started separating the data within hours, decided to notify students on September 7, 2007. They have also established a hot line and Website for suggestions and advice.

USC spokesman Russ McKinney described the glitch as human error, which shouldn't have occurred. He said the university takes such matters seriously and officials were on the job of ensuring that anyone handling private data knew how to protect it. Thestate published this in news on September 7, 2007. McKinney thinks someone at the Academics Department transferred the folders electronically by placing them on a server whose access on the Internet had been easy.

The university's independent newspaper for students, The Daily Gamecock, first reported the disclosure.
It seems the person because of whom the breach occurred was insufficiently conversant about computers, so he failed to realize that the data could be accessible externally. But once the information goes out on the Internet, no one can tell who copies them and misuses it, said Aaron Titus, Director of information privacy for the group. myrtlebeachonline published this on September 6, 2007.

After the information leaked on the Web, the school was soon able to realize it and immediately removed it. It is now trying to find out exactly what data was released, how long it was there, and who all might have viewed it, said McKinney.

According to Privacy Rights Clearinghouse, the USC suffered two similar data breaches in 2006. The group is a consumer advocacy non-profit organization in San Diego that traces the source of such breaches. Experts dealing with identity theft also say that USC should have explicit procedures and rules for transferring data. It should have protected its private information with a firewall or a password.

In 2006, Ohio University also suffered the same when it lost Social Security numbers of nearly 173,000 people to computer hackers.

Related article: Astounding phishing Activity this Thanksgiving Weekend

» SPAMfighter News - 9/21/2007