2012 has to be the year of the College Data Breach. I’ve seen some huge numbers with large populations being effected. The latest news has me first asking, where the heck is Western Connecticut State? The second question, if you got a computer science degree from them I hope you ask for a refund. The data breach happened when a server was open to the public for more than 3 1/2 years! SC Magazine has the break down.
How many victims? 235,000 students, former students, parents, faculty, staff and individuals who sent their SAT scores to the college, but never attended. The vulnerable records date back to 1999.
What type of personal information? Names, Social Security numbers, addresses, email addresses, phone numbers and, in some cases, grades.
What happened? Configuration controls on a general database at the university were incorrectly set, which could have allowed an outsider to remotely access the data contained within. The misconfiguration was discovered during routine maintenance. It had existed from April 2009 to September of this year.
You can read the whole piece on the “Western Connecticut State notifies 235k over database gaffe” here.