I’ve written much larger data breaches, but I don’t think I’ve ever been more amazed by an organization’s total disregard for information security than that displayed by Binghamton University in Binghamton New York.
Let me paint the picture: There is on BU’s campus a large lecture hall used on a daily basis and late into the evening. Next to the lecture hall is a two-story storage area. The door to the storage area is open—in fact the latch is taped to prevent the door’s being locked.
News reporters from WHRM casually wandered into the storage room the other night and found dozens of unlocked file cabinets and lots of open shelving. Everywhere in the room were boxes, binders and stacks of files. Within them the reporters found records of current and former student records, some dating back to the mid-90s.
Information within the records included:
- Records of tuition payments sorted by Social Security number.
- Receipts for tuition payments, complete with credit card account information.
- Residency records with tax information and copies of students’ parents’ Social Security cards.
- Scans of students’ Social Security cards, driver’s licenses and vehicle registrations.
- Scans of a letter from the U.S. government granting a student’s mother asylum.
- Scans of W-9 tax forms from a student’s parents, both parents’ social security numbers, tax forms for the parents’ business and Social Security numbers and vital information for the parents’ employees.
- Undeliverable mail that included students’ names, addresses and Social Security numbers.
The stairs to the second floor provide the only access to the lecture hall’s lighting system, so it can be reasonably assumed that a number of janitors and maintenance workers have had easy access to the records. In fact, anyone who considered stealing the records would have found the shopping cart and hand truck within the storage area an added convenience.
University officials have since contacted WHRM’s news director and advised him to secure legal representation.