 "Photo: Illustration by Roland Tran/Poly Post")
While Cal Poly continues to increase student identity security, a recently-discovered security breach resulted in the private information of 355 applicants to be visible online.
This private information included applicant names, addresses, phone numbers and Social Security numbers. At no time, however, was any financial or academic information leaked.
According to a Cal Poly press release, student applicants from February 2003 had their personal information accidentally placed into public folders online. When Cal Poly officials realized this mistake in November 2008, they deleted the information from the public folders.
Some information, however, had been inadvertently retained in key word indexes by Google, as was discovered by a former applicant while doing a Google search of himself.
Meaning any persons personal information could have been found through Google.
Once one of the 355 applicants who were affected discovered this problem, the former student notified a Cal Poly official, who sought to correct this error with Google’s cooperation.
Those affected by the security breach are in the process of receiving letters of notification stating their identities have been put at risk. Although there is no evidence to suggest that information was used for unscrupulous purposes, these students and applicants are being encouraged to search their academic and financial records to ensure they have not been subjected to identity theft of any kind.
A similar situation where Cal Poly was subjected to a security breach occurred in 2005.
This event, however, dealt with a computer hacker who found a path to bypass security measures. This hacker’s actions put more than 30,000 applicants, students and teachers at risk of having private information become public.
Stephanie Doda, chief information officer for Instructional & Information Technology at Cal Poly, said at Cal Poly student information is safely protected.
“The university acted promptly to remove the data when we were notified that this information was available online,” said Doda. “We take the protection of personal information very seriously and have taken remedial measures to try to ensure that this situation is never repeated.”
To prevent this from occurring again, Cal Poly is in the process of increasing the security of personal student information.
Tim Lynch, senior media communications coordinator, said I&IT is unlikely to explain exactly how they are planning to prevent another security breach from occurring at Cal Poly.
“I doubt [I&IT] would disclose details lest they give hackers an edge,” he said “What I can tell you is the university is in the process of implementing a multi-year program to bring all of its computers and servers to an optimal level of security.”
In addition to these precautions, everyone employed in the area of accessing confidential data is in the process of improving their techniques and their levels of training.
Cal Poly is exclusively using the Bronco number in place of Social Security numbers for all on-campus identification, which greatly improves the security for each student. The only use of Social Security numbers would be for the limited number of issues that require them, such as financial aid and scholastic records from other colleges.
According to Lynch, just because security has been improved, does not mean another security breach is impossible.
“The university cannot guarantee that information will never be breached again,” said Lynch. “With that said, no other university, or the CIA or White House, for that matter, could offer such a blanket guarantee. The university has to defend itself against criminals and hackers who want to gain access, and it takes that mission very seriously.”
Reach Anthony Clegg at: news@thepolypost.com
Be the first to comment on this article!