Harvard server breach exposes personal data of over 10,000 students - Hubris, meets real intelligence.


I really love it when Ivy League schools' hubris leads to their eventual feast on crow.

Harvard was recently forced to admit that about 10,000 applicants for the Fall 2007 academic year had their personal data stolen from a compromised server. The fiasco involves at least 6,600 summaries from admissions candidates, which include names, Social Security numbers, dates of birth, addresses, e-mail addresses, phone numbers, test scores and various school records.

As if the breach wasn't enough of a black eye for the pretentious bunch of stuffed shirts, a BitTorrent file containing the stolen data has been posted and is now circulating on the internet for anyone who wishes to take a peek. The torrent contains a note indicating that "maybe you don't like it but this is to demonstrate that persons like tgatton(admin of the server) in they don't know how to secure a website." In the torrent are a server backup of the GSAS applicant site (with directory structure intact), the Joomla database, a contacts database and another miscellaneous database.

Naturally, Harvard has been forced to apologize to the students. They have also indicated that they would provide identity theft recovery services from Kroll Inc. to all applicants whose personal information was exposed.

This is yet another example that "Pride goes before destruction, a haughty spirit before a fall." - Proverbs 16:18

Let this be a reminder to everyone that information security must take precedence over all other matters.

Brief AP blurb here.

1 comment:

James Ian Elliot said...

Just who can we trust when top dogs like Harvard can't keep our information secure? It is just this sort of lax behavior that is the reason I no longer keep any bank account. I used to think the banks could keep my funds secure. Now, I'd rather take my chances on the street. At least there I can put up some sort of resistance to being robbed.