More Than 160 Data Breaches
The first breach involved hacking into an alumni database that contained personal and biographical information for more than 300,000 individuals and organizations. Although the compromised files did not include credit card or financial records, they did include Social Security numbers for many of the records.
The second breach was of a server in the University’s Innovation Center. The data that was compromised contained patent and intellectual property information.
Of the two, I find the first one more offensive. OK, it is bad that the University has let someone surreptitiously access its patent and IP data, but it is worse that personal data was left unprotected -- and if you read the article in the link, the data "had been compromised as far back as 2005."
If you've been reading this blog you know my stance on data breaches and ineffective security - companies are not doing enough to protect the data that people entrust to them. And they will continue to act this way until punitive measures are put in place that dissuade them.
One final note: in my regular web trolling I ran across a great site that I want to share with my readers. It is http://www.privacyrights.org/ar/ChronDataBreaches.htm and it provides a chronology of data breaches. It starts with the Choice Point breach in February 2005 and chronicles the publicly reported data breaches that have happened since then. As of today, May 5, 2006 (Happy Cinco de Mayo!) there have been more than 160 data breaches... in just over 15 months. And that should really scare the crap outta you.
