Three Data Breaches Occur at MSU in 2007

After Montana State University suffered three distinct data hacking incidents, it is alerting 271 people of a possible exposure of their Social Security numbers in at least one of the incidences.

On November 2, a theft of a device storing data was determined that exposed the Social Security numbers of 216 university employees and students who resided on the campus housing between 1998 and spring 2007.

In another incident also on November 2, a security analyst working independently informed the University's data security department that a spreadsheet listing the names and corresponding Social Security numbers of 42 individuals, who were mostly new recruits in 2006 summer season, was leaked on the Website of MSU. The Excel sheet was, however, quickly removed.

At the time the staff at MSU data security unit was examining the spreadsheet incident, it found that another Excel sheet containing the Social Security numbers for 13 individuals attached to the Department of Computer Science was available on the MSU Website. That too was quickly removed.

According to a statement by MSU spokeswoman Cathy Canover, the University considered these incidents seriously and acted swiftly to notify all those affected. BillingGazette published Canover's statement on November 6, 2007. She added that the University learns as much as possible from each such incident to enhance its security system. It also invests a lot of time to prevent any future repeat of such events.

Before the November incidents, MSU had suffered another data breach. In early October 2007, an attacker hacked a server that stored students' records of Social Security and credit card numbers that the University assigned them.

Canover said that although the University was sure that the thief actually didn't want the device's database, it was still a serious issue. It was therefore alerting all its employees and students that their private records could be at risk. The University has also posted a list of recommendations on its Website so that people could follow them to protect their information.

The College of Engineering has decided to raise awareness of the staff handling sensitive data and enforce procedures and protocols to minimize data exposure.

Related article: Three New Threats With Highest Percentages in Top Ten

» SPAMfighter News - 11/23/2007