[Dataloss] Louisiana: SS numbers accessed

Casey, Troy # Atlanta Troy.Casey at per-se.com
Wed Mar 28 12:45:42 UTC 2007


"'These files were previously secure,' Aguillard said..."

..."previously" apparently meaning "before our web server was booted
up".  Obviously the site did not require a password before allowing a
web session to 'violate' or 'infiltrate' the records containing the SSNs
of the school employees.  Which directives to use in HTML to turn away
web crawlers has been well known to qualified webmasters for years, so
that's no excuse either...not that the web crawler should have been able
to access employee data without authenticating in the first place.

Just another example of careless "stewardship" of people's private
information?  It goes beyond carelessness when you deliberately put
private information on the Web and then don't protect it.  

This sort of blunder becomes more unforgiveable every day, but we have
no law under which these willful privacy violations can be prosecuted -
until someone's already been harmed.  I'm too discouraged to even rant
on about this stuff anymore.  Our country does not take privacy
seriously and apparently has no will to do so in the future either.

-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of lyger
Sent: Tuesday, March 27, 2007 5:57 PM
To: dataloss at attrition.org
Subject: [Dataloss] Louisiana: SS numbers accessed


http://www.iberianet.com/articles/2007/03/27/news/news/news15.txt

Rosters containing information, including Social Security numbers, of
about 380 St. Mary Parish public school employees were accessed March 19
by a Yahoo! Web page search engine crawler.

St. Mary Parish schools Superintendent Donald Aguillard said the crawler
violated the school district Web page by accessing a database that
stored
2002 through 2004 staff development rosters.

"These files were previously secure," Aguillard said. "Yahoo!'s new
aggressive Web crawler infiltrated the public server and our technology
department responded immediately to the breach in security by addressing
the following: Contacting Yahoo! and demanding that our information be
stricken from cached files, notified all workshop participants of the
possibility that their personal information was revealed, while also
contacting the Web page archiving services and demanding the removal of
our cached pages."

[...]
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss Tracking more than 158 million compromised
records in 605 incidents over 7 years.


More information about the Dataloss mailing list