Yale University exposes confidential data
The confidential data of 43,000 students, faculty, staff and alumni of Yale University has been available online for approximately 10 months. According to a report from Yale Daily News, the private information, which included names and Social Security Numbers (SSNs), was accessible by anyone via a Google search.
Len Peters, Information Technology Services Director at the private Ivy League university, told the newspaper that the information had been stored on an FTP server primarily used for open source materials. It had been hidden from the search engine until changes were made in September 2010 to the way that Google finds and indexes FTP servers. Once the breach was discovered on 30 June, the server was immediately blocked from the internet and the file was removed, added Peters.
As noted by CNET, Yale isn't the only school to experience problems keeping confidential information private. Purdue University last week informed more than 7,000 former students that an attacker may have gained access to their confidential information in a breach that occurred on 5 April 2010. The school says that it learned of the breach three days later and took the server offline. Laszlo Lempert, head of the Department of Mathematics at Purdue, said, "We regret the breach occurred, and we've taken extensive measures to prevent this from happening again."