Double check?
Heck, I sometimes get to triple and beyond...
An errant email leaked academic information on every student at the Cal Poly Pomona College of Science, in California. University publication Poly Post reports that it was, of all people, the American school's computer science department that was to blame for the exposure of 4,557 active student records in an email that got …
In my day your test scores and grades were on a bulletin board outside the professor's office, but your name wasn't attached to it. Instead they used your student ID - which back then was your SSN!
Would have been pretty easy to steal the SSNs of people in class by:
1) if one person is known to be way smarter or way dumber than everyone else, look for the highest/lowest score
2) just hang around the bulletin board and watch people - about half of them will run their finger down the list of SSNs until they reach theirs and trace across. If you know their name, now you know their SSN.
If only scam artists knew how valuable someone's SSN would be some day, they could have compiled lists of them back in their college days. As a bonus you'd know that everyone on your list is a college graduate, or more.
It's true Social Security numbers were never meant to be private, but having one now means you can access pretty much anything about the owner's life and the ability to attach their name to nearly anything you please. With absolutely no authorization mechanism in place, the only thing to do is to keep the SSN secret.
In my day your degree marks were nailed up in the town square for anyone to read (and in those days many graduates could read!)
Mine too - only they were sorted by grade and then alphabetical order of name, so you started at the top and gradually got a sinking feeling all the way down. If you got to the bottom before starting celebrating, then you weren't going to be graduating that year.
While I can appreciate it may have been embarrassing for those in the final segment, those leaving without a degree, there were never any surprises as to whose name you'd find listed.
Would anybody assume administrative staff in IT/Eng departments is different at all from admin staff in other departments? (Ok, they're battle-hardened by having people nearby who think they're their boss and think they're competent in IT matters because they have a comp.sci. degree.)
you have to wonder why sensitive data was stored in a spreadsheet in the first place
Well I don't find it particularly surprising, whether it's correct or not is another matter, but collating and storing students' marks in a spreadsheet doesn't sound wildly improbable, and it's a bit of a stretch to consider that information "sensitive". As noted above, it used to be common for student grades to be posted on a noticeboard for all to see.
"at least one of the students who received the email was able to save the information and post it"
and that/those student(s) just found themselves on the FBI watch list - as a bad apple, for the rest of their lives. It's a good bet if they think nothing of sharing other people's data, it is just who they are - lame.
Back in the mid-80s, when I was at a university, one of the professors in the Computer Science department did his grades on the departmental VAX running BSD. Unfortunately for him, he left the permissions at world-readable.
There was a minor scandal, as some student read the grades and started talking about them.
The amusing part of this was that the professor was teaching the Operating Systems class, and had LITERALLY just completed the *SECURITY* portion of the curriculum...