Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 31st, 2011 in Current News by Simply Security | Be the first to comment | Tags: Current News

Yale University recently began notifying people affiliated with the school about an accidental data breach.

Yale University is sparing no expense as it tries to repair its image and security standards following a breach of 43,000 people who were affiliated with the school in 1999.

First reported in the Yale Daily News, the data leak exposed names and Social Security numbers of all the parties involved, leaving them accessible on Google search engine results for the past 10 months.

Now, although Yale's Information Technology Services Director Len Peters told the Yale Daily News there is no evidence that the information has been exploited, the school is offering anyone affected by the breach two years of credit monitoring and identity theft insurance free of charge. Similarly, the university has reacted swiftly in regards to its data security practices.

"We immediately blocked that server from the Internet, removed the file and did a complete scan of the server to make sure there were no additional at-risk files," Peters said.

In this case, the data leak occurred as a result of changes in the technology world. According to the Yale Daily News, Peters said the leaked information was stored in a file transfer protocol server operated by the university. Last September, Google made a change to its search engine algorithm that recognized FTP servers and made them accessible via its search engine, thus releasing Yale's information to the public.

It would not be surprising if additional reports of similar incidents surfaced soon, as the misfortune suffered at Yale could have happened to anyone. Considering the reach of Google's search engine results, and the complexity of its algorithm, adjustments could put highly sensitive and expensive information at risk without anyone being the wiser. All being well, the data leak suffered by Yale and their speed of response may help heighten awareness in the industry and alert officials at other organizations of similar risks.

This event demonstrates how a simple oversight could prove fatal to smaller organizations. A study conducted by HP last year found that 70 percent of small- and medium-sized businesses that fall victim to data breaches do not recover.

Similarly, a July study released by the Ponemon Institute found that 90 percent of all responding companies had experienced a data breach in the past year.