[Full-disclosure] 365,000 identities breached at Ohio University
- To: RISKS@xxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] 365,000 identities breached at Ohio University
- From: Al Mac <macwheel99@xxxxxxxxxxx>
- Date: Tue, 27 Jun 2006 01:26:57 -0500
There has been a series of OU breaches leading to independent
investigations, leading to security education at a high level. For
many institutions, security is a low priority until some incident(s)
trigger a wake-up call about the need for improved education in some
areas.

Will this have to happen independently at each institution of higher
learning, or can some of them learn from the PR disasters of
others?

Hopefully the academic community will some day learn that public lists of
students' grades need not be showing social security #s for other people
to abuse, and that performance and security are not mutually exclusive
goals.

Breached OU data includes health center records on 60,000 patients,
social security #s, identifying info on 300,000 alumni, any subcontractor
paid in the last 2 years.

Employees with long-standing experience with the hacked systems had
tried to get higher authority to become aware of vulnerabilities before
the security breaches occurred, but nothing was done. Then when the
breaches were discovered, the whistle blowers were sent on administrative
leave, a familiar story: get rid of the people best qualified to help
solve the problems.

As for OU Financial Liability for the people who suffered identity theft,
they are using the US Administration's YOYO policy (described in article
on how US Economy is managed by Alice in Wonderland
http://www.itjungle.com/tfh/tfh062606-story04.html ) Any problem with
the end victims, and "You are on your own." I suspect some other nations
are using the US model.

http://thepost.baker.ohiou.edu/articles/2006/06/22/news/14120.html
http://www.athensnews.com/issue/article.php3?story_id=25314
http://www.onnnews.com/?sec=home&story=10tv/content/pool/200606/1770514625.html