Student uncovers 150 documents containing personal information on 80,000 individuals

Tim Wilson, Editor in Chief, Dark Reading, Contributor

July 18, 2007

2 Min Read

Aaron Titus, a law school student in Louisiana, wanted to prove a point about user privacy. So he started Googling -- and ended up with names, addresses, Social Security numbers, and other personal data on some 80,000 students and employees in the state's university system.

Titus revealed his findings to a local television news station, WDSU, which issued a report yesterday. The FBI and the Louisiana Board of Regents are investigating the leak.

According to the WDSU report, Titus found much of the information on an internal Internet site operated by the Board of Regents, which oversees all of the state's higher education. Most of the network was password-protected, but the area containing the most potentially dangerous data -- including thousands of student Social Security numbers -- was not, he said.

"I was astounded when I saw all this information up -- not protected, not behind a firewall, out in the open where anybody in the entire world can get to it," Titus told WDSU. "I'd be shaking in my boots. I'd be really, really freaked out. All of my information is available to anyone who wants it right now."

Titus found a list of student names and personal data, as well 150 other files that he said contain up to 75,000 more names of students and employees. For example, he was able to pull up a list of administrators and instructors at South Louisiana Community College that includes Social Security numbers.

Law professor Julian Murray told WDSU that the Louisiana Constitution guarantees the right to privacy, including Social Security numbers, and that those affected could conceivably file a class-action lawsuit against the Board of Regents.

"I don't think they can ever answer civilly or morally for what they've done," Murray said.

Commissioner of Education Joe Savoie told the TV station that the Board of Regents was grateful that Titus reported the leak. "In some ways, we're thankful that you found it, because it showed a deficiency in some of our programs, and we were able to stop it," he said. "Now we are going to try to mitigate any damage."

— Tim Wilson, Site Editor, Dark Reading

Read more about:

2007

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

See more from Tim Wilson, Editor in Chief, Dark Reading
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Kuala Lumpur, Malaysia, skyline against the harbor at sunrise
Cyber Risk
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity ProsLicensed to Bill? Nations Mandate Certification of Cybersecurity Pros
byRobert Lemos, Contributing Writer
Apr 23, 2024
4 Min Read
MITRE Corp's logo in blue
Endpoint Security
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti BugsMITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
byNate Nelson, Contributing Writer
Apr 22, 2024
3 Min Read
A toddy cat (Asian palm civet) on a wooden fence, Indonesia
Cyber Risk
ToddyCat APT Is Stealing Data on 'Industrial Scale'ToddyCat APT Is Stealing Data on 'Industrial Scale'
byJai Vijayan, Contributing Writer
Apr 22, 2024
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events