[Dataloss] Clarkson University Potsdam NY exposes 245 employees PII

Henry Brown hbrown at knology.net
Wed Sep 3 20:26:42 UTC 2008


http://tinyurl.com/6dyfah

On Tuesday, August 26, a non-malicious student intruder gained access to 
a restricted server and promptly reported the vulnerability to campus 
authorities. Approximately 245 employees and former employees had 
personal information, including name, social security number, and date 
of birth, compromised during the security breach. The file containing 
personal information was a record of employees that had university 
credit cards known as purchase cards (or p-cards). Any university member 
requesting a p-card must provide their social security number and date 
of birth on the application form. Following the incident on Tuesday, all 
affected individuals were contacted and briefed on the situation.

The shared server was only available on the Clarkson network and was not 
available to the general public. Following the breach, a full 
investigation was launched with forensic computing to determine all 
users who had accessed the S drive during the vulnerability. The only 
unauthorized access to the personal information was made by the student 
who found the vulnerability. On Monday, August 25, routine work was 
being performed on the S drive, causing access privileges to be reset to 
default values, allowing anyone with an Active Directory user account 
access to the server.

The Integrator talked with President Collins and Kelly Chezum, the 
Assistant to the President for Strategic Advancement, concerning the 
unauthorized access. President Collins said that because of "fast 
thinking, [we were] able to track everything" and that access was 
limited to one individual. Chezum reported that as an affected 
individual she "feel[s] pretty confident my personal information is fine."


