If there were an “oops” or “oh sh*t” category, this entry would certainly fall into it. Duke University accidentally left the personal information of 273 former New York University students available to general internet traffic. Oops. Now, if there’s any good news here, it’s that a) Duke found the mistake–it wasn’t uncovered when there was a problem and they correct did all of the notifications themselves; b) it was a very, very small “breach” (I don’t think you can even call it that)–we’ve been writing about entries where there’s been five-digits worth of people affected so 273, while not a small number if you’re one of those 273, is reasonably small; c) the means of access wasn’t done with malicious intent–the data was simply accessible by search and it wasn’t hacked nor deliberately made available in a way that it was commonly seen and used. Again, this is small consolation to the 273 people whose information it was and undoubtedly they’re wishing they had Lifelock right now.

The former New York University students were members in a class taught by a current member of Duke’s faculty during the professor’s previous employment at NYU in 1997. The personal data included the student names and SSN’s. Apparently the records were part of his personal records that he brought over with them. Duke University’s assessors determined that the information could have been reached only if someone were searching by exact student names AND already had a search code for the Social Security numbers.

The personal information was removed from Duke’s public drives within 30 minutes of the school becoming aware of the problem on April 30. Within hours, all major search engines had cleared their caches and indexes of the student information. I’m really curious to know how they were able to do that (clear the caches). I once wrote about a girl from college and she found it and got pretty upset–it took over a month before the engines finally disassociated my site from her name. I would suspect that a major site like Duke’s would be spidered more frequently though so maybe it’s as simple as that.

As always I would encourage those affected to sign up with Lifelock’s services. It’s always better to be safe than sorry and for $9/month I think it’s a very cost-effective investment.

Tags: Duke University, lifelock, New York University, NYU

This entry was posted on Monday, May 26th, 2008 at 2:32 am and is filed under Individuals, School Breaches. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.