Soup of the day: Social Security numbers
Incident: Throw a bag of the finest steaks into a piranha-infested river, and you've got no right to complain when the fish make quick work of it.
In a sense, that's what happened when a 15-year-old freshman at Downingtown West High School stumbled upon, then copied files containing highly sensitive personal information -- including Social Security numbers -- of roughly 41,000 current and former students, families, and other town residents.
Similar because, as the district admits, the sensitive data was placed in a completely unprotected part of the school's computer network by a member of the district's IT staff. More than that, the admin had stored the files in a network segment to which students had access.
Whereas the student was charged with three felonies and one misdemeanor computer crime for copying information left nearly in plain view, the admin is considered guilty of nothing more than a brain-dead IT gaffe.
For what it's worth, the town's police determined that the student merely copied the data to a portable drive and gave only one copy to another student, who is cooperating with the police. That hasn't dampened the witch hunt, however, as several parents and residents are calling for the student to serve jail time.
Why the district was collecting the Social Security numbers of residents for the purpose of sending them newsletters, however, has not come under scrutiny. Nor has the lack of safeguards IT placed on that information.
So negligent was the IT handiwork that, according to school district spokeswoman Pat McGlone, the student "did not need to crack any passwords, evade any firewalls, or blow down any doors, so to speak. He just simply needed to be curious and bored," as Will Hobson wrote in the Philadelphia Inquirer.
And if boredom is all it takes for a teenager to expose 41,000 Social Security numbers, you know your approach to IT isn't smart.
Fallout: Fortunately for the student, cooler heads prevailed at the Chester County Deputy district attorney's office. The student won't face prison time. The district, on the other hand, has had to scramble to send out 16,600 letters to residents warning them about the potential for identity theft and has rushed to better secure its network and this sensitive data.
Moral: Maintaining a highly sensitive database requires encryption -- especially where bored teenagers are allowed to roam. In fact, keep your stored Social Security numbers off the cafeteria lunch menu portal altogether. Oh, and rather than just pillory a tech-savvy 15-year-old for taking advantage of an open door to sensitive personal data, lay equal blame on the IT worker, as well as the person in charge of collecting and protecting the database.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Strategies for Eliminating .PST Files
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Controlling storage costs with Oracle database 11g
The state of Middleware
Discover the advantages of an open architecture multi-vendor network solution
Solve Exchange Mailbox Storage Issues Once and for All
Email Archiving Implementation: Five Costly Mistakes to Avoid
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
FrontRange Solutions eases software license management with new License Manager 3.0 2008-12-03 14:56:00+11
Progress Software's Cure for Managing Services-based Applications 2008-12-03 14:42:00+11
S3 Graphics Unleashes Full OpenGL® 3.0 API Support with Beta Driver for Chrome 500 Series GPUs 2008-12-03 14:08:00+11
Informatica Powercenter added to Nec Infoframe Solution Suite 2008-12-03 11:36:00+11
Wireless LANs: Is my enterprise at risk?
Achieve an overall understanding of the risks associated with wireless LANs. Discover their inherent properties, as well as what makes them different from wired networks. Read on to uncover a list of recently published articles on real-life breaches and incidents illustrating the need for proactive measures to mitigate wireless security risks.
Buying Guides
Latest Products
