Press Releases
Florida State Agency Loses 250,000+ SSNs Online
FOR IMMEDIATE RELEASE: December 2, 2008 UPDATED: December 4, 2008TALLAHASSEE, Florida. The Florida Agency for Workforce Innovation (AWI, or Florida Jobs) has lost employment information and more than a quarter million social security numbers by posting them online last month, including the social security numbers of at least fifty children. more...
Website Posts Personal Information for Phishing Victims
FOR IMMEDIATE RELEASE: October 9, 2008KSA-MW.com. Ksa-mw.com posted what appeared to be the results of a "phishing" expedition. The website posted personal information for 70 individuals who appear to be victims of a phishing website. Phishing is when someone creates a website that appears to be legitimate (such as a bank website) in order to trick people into divulging personal information. Unfortunately, the Liberty Coalition was unable to contact or determine contact information for ksa-mw.com before it was taken offline. Victims of phishing are at extreme and usually immediate risk that their sensitive personal information will be abused. more...
Dekalb School District Posts 397 Employees' Insurance Info, SSNs Online
FOR IMMEDIATE RELEASE: October 8, 2008RAINSVILLE, Alabama. On November 29, 2007 the Dekalb County Schools Human Resource Department uploaded nine files to the website, dekalb12.org, which included change of address and resignations forms, and also a file named "INVOICE.xls." This file contained the names and employment information of 397 current and former Dekalb County Schools employees, including 135 social security numbers. more...
East Burke High School Posts 163 Teacher, Bus Driver SSNs Online
FOR IMMEDIATE RELEASE: September 4, 2008CONNELLY SPRINGS, North Carolina. In August 2003, several files used to prepare the 2003-2004 East Burke High School Student Directory were placed on the school's website, and forgotten for more than five years. One of those files contained sensitive employee information including names, social security numbers, addresses, phone numbers, job titles, e-mail addresses, and a few unlisted phone numbers. In total, the file contains personal information for 163 staff (teachers, bus drivers, custodians, and others) who then worked at East Burke High. more...
University of Houston Math Prof Posts 259 SSNs Online
FOR IMMEDIATE RELEASE: July 23, 2008HOUSTON, Texas. University of Houston Math professor, Marjorie Marks, accidentally posted 259 students' social security numbers and grades on a UH Math web server in October, 2005. The Liberty Coalition notified the university of the breach in late May, 2008, but search engine caches did not clear until July, 2008. All affected students appear to have taken Math 1310 in Fall 2005. more...
Fotolog.com Used to Traffic Identities
FOR IMMEDIATE RELEASE: July 22, 2008REDWOOD CITY, California. For almost a year, at least one identity thief used Fotolog.com to traffic stolen personal information for 53 people. The information included credit card numbers, addresses, mothers' maiden names, social security numbers, drivers license numbers, bank accounts, paypal account information, and a wide range of other sensitive personal information. The user, "linux3r" (whose account has been suspended) proudly declared, "Selling: Credit cards, Paypals, Banks Logins, etc Ask me..." According to the fotolog.com website, the sensitive information was first posted on June 29, 2007. Fotolog.com did not remove the sensitive personal information for approximately one year. more...
Virginia Tech Profs Post 128 SSNs Online
FOR IMMEDIATE RELEASE: July 21, 2008BLACKSBURG, Virginia. In a breach of personal student information almost identical to the one reported in September 2007, professors "erclark1" and "shugart" posted personal information for 250 students on Virginia Tech servers, including 128 social security numbers and 111 partial social security numbers. The files were discovered and deleted in December 2007, but the Liberty Coalition waited several months before announcing the breach, to make sure search engine caches cleared. The breached files were created in September 2000 and Spring of 1998, and could not have been posted before that time. more...
12,138 Z-Car Enthusiast Personal Information Exposed Online
FOR IMMEDIATE RELEASE: July 16, 2008 UPDATED: December 20, 2008California and Texas. More than 12,000 Z-Car enthusiasts have had their names, addresses, e-mail addresses, and other contact information exposed online. An mlinks.net user, "~aktar" placed a backed-up copy of a SQL database of Internet Z-Car Club Members, which was picked up by search engines. The database also includes personal comments, including dates of birth and car information, despite the fact that many of the members had indicated that they wanted their contact information hidden. more...
CSU Chico Prof Exposes 30 Students Info Online
FOR IMMEDIATE RELEASE: July 15, 2008CHICO, California. A California State University, Chico Computer Science Professor accidentally placed an excel file online containing the names, test scores, lab scores, and last four digits of 30 former students' social security numbers. All affected individuals appear to be former students of Jim McElroy. more...
University of Texas- Austin Profs Expose 2,490 Students' Personal Info Online
FOR IMMEDIATE RELEASE: July 14, 2008AUSTIN, Texas. In its third (and largest) breach in just a few months, the University of Texas-Austin has exposed another 2,490 students' personal information online. More than 60 files containing student and faculty personal information were on University servers since as early as 2002, undetected by the University for more than five years. The files were discovered in January, 2008 and University officials restricted access to the files right away, but copies remained in the Yahoo search engine caches until at least late May, 2008. The files were posted by at least four separate professors, indicating systemic deficiencies in the way the university trains staff and scans servers for sensitive information. more...
OK State University Student Assn Posts Student Info Online
FOR IMMEDIATE RELEASE: May 27, 2008OKMULGEE, Oklahoma. The Oklahoma State, Stillwater Vietnamese American Student Association (VASA) posted social security numbers and Campus addresses for three former VASA students on a university server. The file went undetected by the university for more than six years. The Oklahoma State VASA website has apparently been more or less abandoned for several years. However, one excel file contains the SSNs of three people who were reimbursed for expenditures made for a VASA Sports Tournament held in early March, 2002. more...
City of Newton, IA Posts Job Applications Online
FOR IMMEDIATE RELEASE: May 23, 2008NEWTON, Iowa. The City of Newton, Iowa posted three job applicants' personal information on their website for more than a year. The file contained names, social security numbers, address, phone number, employment and education information for three people who applied for city jobs between February 5, 2007 and March 19, 2007. The City deleted the information immediately upon notification, but the file remained available for several weeks in search engine caches. By placing this information online, the City of Newton has placed these individuals at extreme risk of identity theft. more...
University of Central Florida Prof Posts Grades, Partial SSNs Online
FOR IMMEDIATE RELEASE: May 22, 2008ORLANDO, Florida. In an incident that repeats itself weekly at a new U.S. university, Dr. Tran of the University of Central Florida's Computer Science Data Systems Group posted sensitive student information online. The files were posted in December, 2002, and include names and grades of 141 of his students who took courses in Fall 2000 and Spring 2001. Unfortunately, in addition to posting academic information, the files also contain 60 partial social security numbers. The Liberty Coalition notified UCF on January 30th, 2008, and again on March 28, 2008 after two months of inaction. The files were deleted soon thereafter, but remained in search engine caches until mid-April, 2008. more...
University of Nebraska-Lincoln Prof Posts Students' SSNs Online
FOR IMMEDIATE RELEASE: May 21, 2008LINCOLN, Nebraska. A University of Nebraska-Lincoln Math professor posted personal information for roughly 300 students, including what appear to be 46 Social Security Numbers and 141 Partial Social Security Numbers, on the Math Department's web server. The information appears to belong to current and former students of Steve Dunbar. Most of the sensitive information is stored in Excel files that also contain student grades, scores, enrolled status, and other educational information. more...
Colorado State Exposes Student Info Online... Again.
FOR IMMEDIATE RELEASE: May 14, 2008FORT COLLINS, Colorado. In a student personal information breach almost identical to their January 2008 exposure, the Colorado State University Warner College of Natural Resources posted the names and social security numbers of 204 students online. The files were posted on the same online server, in the same sub-directory, in files of the same type, and affected students of the same faculty member as the breach several months ago. The university removed the files within one hour of notification, and worked with search engines to remove the data from their caches, and will be notifying affected individuals within the next few days. more...
Dentist Posts 2,569 Patient SSNs on Wireless Hot Spot
FOR IMMEDIATE RELEASE: April 9, 2008 UPDATED: November 10, 2009OXON HILL, Maryland. In early March, 2008, Dr. Michell Burdine-Merai's office exposed private information about 9,911 patients, former patients, and their families to the public through an unsecured public wireless network, or "Hot Spot." Of those, the wireless network exposed roughly 2,569 social security numbers. The information also included appointments, dental treatments, and phone numbers. We notified Dr. Merai's office that they should cease broadcasting this information to the public, hire a professional to fix network vulnerabilities, and notify their patients that their information had been exposed to the public. more...
Tax Preparer Accidentally Exposes 701 SSNs on Hot Spot
FOR IMMEDIATE RELEASE: April 9, 2008ALEXANDRIA, Virginia. The office of Martha Yungk, EA accidentally exposed the private information of 7,003 of her clients, former clients and their families on a public wireless network, or "Hot Spot." The information includes more than 700 social security numbers, 400 addresses and phone numbers, and detailed tax information for 2,796 people. Personalized letters to the IRS and multiple state tax agencies are among the more than 300 sensitive documents exposed on the hot spot, which was available to any member of the public with a laptop, who came within 150 feet of the office. The network also contained detailed payment schedules for several thousand clients for tax years 1995-2008, including businesses. The affected individuals appear to be most or all of Martha Yungk's clients, since the mid-1990's. more...
Chiropractor Exposes 56 Patients' Data on Hot Spot
FOR IMMEDIATE RELEASE: April 9, 2008OXON HILL, Maryland. The Oxon Hill location of Prime Care has exposed private information about 56 patients to the public through an unsecured public wireless network, or "Hot Spot." Most of the individuals affected are patients of Dr. Steven Boesche, who occasionally works from the Oxon Hill location. The Hot Spot exposed 29 files with sensitive patient information, including patient account numbers, blood pressure, date of accident, diagnoses, examination results, patient history, pulse, prognosis, and treatments. more...
UConn Prof Posts 14 Student SSNs Online
FOR IMMEDIATE RELEASE: March 31, 2008STORRS, Connecticut. On or before July 24, 2003 former UConn Economics Professor, Dr. Stiver, loaded an Excel file to his University of Connecticut home page which contained the names, last 8 social security number digits, scores, and grades of 14 students. All of the affected individuals appeared to be Dr. Stiver's former Economics 242 students. more...
Florida State University Prof Posts 33 Students' SSNs Online
FOR IMMEDIATE RELEASE: March 28, 2008TALLAHASSEE, Florida. The personal information of 66 Florida State University students sat on a public FSU Chemistry Department server for more than five years. Several files included names, 33 social security numbers, grades, homework and exam scores. All of the individuals affected by this breach appear to be former students of Dr. Steinbock, an FSU professor. more...
Texas A&M Prof Posts Partial SSNs, Grades of Former Students Online
FOR IMMEDIATE RELEASE: March 27, 2008COLLEGE STATION, Texas. On November 21, 2000, someone posted the names, scores, Grades, and last five digits of 44 students' social security numbers on a Texas A&M server. All affected students attended Dr. Clyde Munster's Fall 1998 Hydrologic Principles in Agriculture class (AGEN 350). The Liberty Coalition discovered the files in late November, 2007. Though the university quickly removed the files from public access after notification, copies remained online through late March, 2008 in search engine caches. more...
Stevens Institute of Technology Posts 9 Student SSNs Online
FOR IMMEDIATE RELEASE: March 26, 2008HOBOKEN, New Jersey. Stevens Institute of Technology professor L.E. Levine posted a file with names, Social Security Numbers and Homework scores for 7 students who apparently took his course "MA681" in the Fall of 1999. According to the server personal.stevens.edu, the files were posted on or before April, 2001. Though Dr. Levine deleted them immediately after he was notified of the exposure, the information continued to be available through March, 2008 through search engine caches. more...
University of Iowa has Another Breach
FOR IMMEDIATE RELEASE: March 25, 2008IOWA CITY, Iowa. In the second exposure of sensitive information in as many months, the University of Iowa posted sensitive student information online. Two files were discovered in January, 2008 which appear to contain the names, grades, and last four digits of nine students' social security number were posted on the Computer Sciences Department website. All of the students appear to have attended the Summer 2001 22c-112 course, taught by Aditya Kumar Sehgal, Ph.D. more...
Shabazz Academy Posts K-5 Student Addresses Online
FOR IMMEDIATE RELEASE: March 24, 2008LANSING, Michigan. In late December, 2007 the Liberty Coalition discovered an excel file with the names, addresses, phone numbers, and emergency contact information for 125 students, parents, and others for Shabazz Public School Academy on their website. 69 of those affected are Pre-K through fifth grade students. Though no social security numbers or credit card numbers were exposed, some parents may be legitimately alarmed at the release of contact information for their young children. more...
Wright State University Prof Posts 395 Grades, 38 Partial SSNs Online
FOR IMMEDIATE RELEASE: March 21, 2008DAYTON, Ohio. The Wright State University Computer Sciences Department has posted the names and last five digits of 38 students' social security numbers on their website. All of the students affected seem to be former students of Dr. Junghsen Lieh, Ph.D. who took Materials Engineering courses between 1997 and 2005. In addition to the partial social security numbers, the individual scores and grades for roughly 395 students are also posted online for more than a year. more...
Suffolk Co., NY Posts 250 Partial SSNs Online
FOR IMMEDIATE RELEASE: February 19, 2008HAUPPAUGE, New York. On or before May 22, 2007 (and as early as March 22, 2007), the Suffolk County Government Civil Service posted the names and last four digits of 250 individuals' social security numbers on their website. The file appeared to be a copy of an old database related to the "CF Police Lottery." The Liberty Coalition discovered the file and notified the county government on December 14, 2007. The file was not deleted from the county server until January 30, 2008, after a second notification by the Liberty Coalition. more...
500+ SSNs Escape NJ Lawyers Pellegrino & Feldstein
FOR IMMEDIATE RELEASE: February 11, 2008 UPDATED: February 26, 2008DENVILLE, New Jersey. Confidential consumer information somehow escaped the New Jersey law offices of Collections Lawyers Pellegrino & Feldstein, and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, social security numbers, dates of birth, addresses, account numbers, and financial information of more than 530 individuals who had interactions with Pellegrino & Feldstein in approximately 2004-2005. It also includes notes about highly private subjects, including medical conditions and employment information. The list, named "newportfolio.xls," was posted on a number of websites, including rjrsolutions.com, cliftonrealtor.com, vdiiorio.com, cliftonrealestate.com, and anthonyc21.com on or before October 8, 2007. Although it was deleted prior to December 6, 2007, copies remained in at least two search engine caches as late as February, 2008. more...
Former East Carolina U. Prof. Posts Info of 736 Students Online
FOR IMMEDIATE RELEASE: February 8, 2008GREENVILLE, North Carolina. On March 16, 2005 former East Carolina University math instructor Ken Butler made a temporary backup of his computer to his personal website, www.ropehouse.com. He didn't delete the files until January 3, 2008 when the Liberty Coalition informed him that his backed-up files included the personal information of 736 students, including 412 social security numbers, in more than 60 files. Although he knew that his students' information was backed up online, Mr. Butler believed that search engines would never find them, since he did not link directly to any of the files. more...
Minnesota State Colleges & Universities HR Department Puts Three SSNs Online
FOR IMMEDIATE RELEASE: February 7, 2008ST PAUL, Minnesota. The Human Resources Division of the Minnesota State Colleges & Universities website (http://www.mnscu.edu) has posted several "Leave of Absence Summary Reports" online. All of the reports contained the names, TRA Numbers, and Leave information for dozens of employees. Each report also contained a column named "SSN." While most of the reports omitted employees' Social Security Numbers, the Dakota County Tech College Report for FY 2007 did not. That report contained the names, social security numbers, leave dates, and other information for three Dakota County Tech College employees. By placing this information online, Minnesota State Colleges & Universities has placed these three individuals at increased risk of identity theft and other types of fraud. more...
Salt Lake City Assisted Living Center Posts 82 Patients' Information Online
FOR IMMEDIATE RELEASE: February 6, 2008SALT LAKE CITY, Utah. In January, 2008 Inspiration Hospice posted confidential information for 82 of its patients, and contact information for 185 caretakers on its website, inspirationhospice.com. The information was inadvertently put online in an Excel file which contained names, partial social security numbers, dates of birth, insurance numbers, medical diagnoses, addresses, phone numbers, prescriptions, and allergies, among other confidential information. The file also documented intensely personal wishes about when a patient wished to be resuscitated, family funeral plans, and even body donation. The personal nature of this exposure is particularly shocking. more...
Rowan University Prof. Posts 370 Students' Personal Info Online
FOR IMMEDIATE RELEASE: February 5, 2008GLASSBORO, New Jersey. A Rowan University professor has posted several files containing personal information for 370 Rowan University students, including 172 Social Security Numbers, 95 Dates of Birth, and 310 addresses. The files also include GPAs, phone numbers, Majors, e-mail addresses, grades, phone numbers, and physical fitness information (such as Bench Press abilities, for example). more...
University of Iowa Engineering Dpt. Exposes 215 Student SSNs Online
FOR IMMEDIATE RELEASE: February 4, 2008IOWA CITY, Iowa. The College of Engineering Student Development Center posted personal information of 321 University of Iowa students on its website, including 215 social security numbers. The Excel file also included names, GPAs, e-mail addresses, student ID numbers, and other academic information. Most of the affected students appear to be seniors who applied for graduation in Spring 2006. By placing this information online, the University of Iowa has put these students at extreme risk of identity theft or other forms of fraud. more...
Iowa State University Prof. Posts 26 Students' SSNs Online
FOR IMMEDIATE RELEASE: February 4, 2008AMES, Iowa. In early December, 2007 Iowa State University posted the names, social security numbers, scores, and grades of 26 former students on its website. The students all appear to have taken the course "ME 325" in the Spring of 2001 from Gloria Starns. The information, along with e-mail addresses was posted on iastate.edu from January 2002- January 2008. Much of the information in the files may be protected by FERPA, and all of it is sensitive. By placing students' names and social security numbers online, Iowa State University has put these 26 students at severe risk of identity theft and other kinds of fraud. more...
Oregon State Posts 19 SSNs Online
FOR IMMEDIATE RELEASE: January 31, 2008 UPDATED: August 6, 2009CORVALLIS, Oregon. In December, 2007 the Liberty Coalition discovered sensitive personal information of 33 students and faculty on a Oregon State University Web server, including 19 social security numbers. The individuals affected appear to be participants in the 2006 NASA Robotics Academy in Maryland, under the direction of Melissa Jenson-Morgan. The personal information, which includes names, SSNs, phone numbers, GPA, Academic Majors, and other information, was placed in an Excel file on oregonstate.edu and indexed by major search engines. more...
U. Mass, Dartmouth Prof. Puts 32 Student's Personal Info Online
FOR IMMEDIATE RELEASE: January 30, 2008 UPDATED: March 3, 2008DARTMOUTH, Massachusetts. In December, 2007 the Liberty Coalition discovered the names, grades, GPA, and partial social security numbers for 32 former students of Phuong Tu, probably from the Fall, 2004 CIS 100 class. Ironically, the sensitive information was contained posted on the Computer and Information Science Department's main web server. In the file, students' complete social security numbers appeared to be listed, with only the first number replaced by a zero. On March 3, 2008, University Registrar, Dr. Carnell Jones, Jr., informed the Liberty Coalition that all 32 students had been informed of the exposure by certified mail. more...
University of Wisconsin Prof. Posts 196 Names and Grades Online
FOR IMMEDIATE RELEASE: January 28, 2008MADISON, Wisconsin. In late November, 2007 that Liberty Coalition discovered the names, scores, and Grades of 196 students of Professor Yu Hen Hu's ECE 734 classes between 1994 and 2006. The information was posted in Excel files on a University of Wisconsin - Madison server. According to the server, the files had been online for several years. Students affected by this breach are NOT at special risk of identity theft. more...
Grissom Air Reserve Base Supervisor Exposes 11 Personnel Online
FOR IMMEDIATE RELEASE: January 25, 2008GRISSOM ARB, Indiana. A Grissom Air Reserve Base weather station supervisor recently posted sensitive personnel information on his personal website, www.0cool.net. The Excel file contained contact information for 11 individuals, including seven social security numbers, dates of birth, drivers license numbers, and other information. The Liberty Coalition contacted one employee who explained that he had found the information by Googling himself days earlier. He talked to the supervisor, who explained that the file was a failed attempt at creating a random number generator. For some reason the Supervisor used fellow employees' sensitive data for testing purposes. As a result, his fellow workers are now at extreme risk of identity theft. The Liberty Coalition was unable to reach the Supervisor directly. more...
Texas State University Exposes 2,215 Employee's Employment Info
FOR IMMEDIATE RELEASE: January 24, 2008 UPDATED: February 7, 2008SAN MARCOS, Texas. The Texas State University Computer Science Department website posted the names, birth dates, hire dates, salary and employment information for 2,215 Southwest Texas State University (SWT) Faculty and Administrators in fiscal years 1998 thru 2003. According to the Excel file meta data, the file was created on February 18, 2003, and has been online since at least March 2006. According to the file, the data source is the employee profile (PEXXEMPF) file of the SWT database. more...
Texas Education Agency Exposes SSNs of Three People Online
FOR IMMEDIATE RELEASE: January 24, 2008AUSTIN, Texas. Earlier this month, the Texas Education Agency has posted the names, social security numbers, and birth dates of three individuals who applied to take the GED. The report is dated March 23, 1998, and was online between at least October 1999 and December 2008, or almost 10 years. more...
13 Names and SSNs Escape from USA Funds, End Up on Geocities.com
FOR IMMEDIATE RELEASE: January 23, 2008 UPDATED: February 4, 2008INDIANAPOLIS, Indiana. In late November, 2007, the Liberty Coalition discovered a the names, partial Social Security Numbers, and detailed student loan information in a report titled "United Student Aid Funds: ...For the Week Ended 05/08/2004." The report includes information about 13 students or former students who had taken out student loans. Though identified as a United Student Aid (USA) Funds report, the file was posted on geocities.com, by a user named "pvvanitha." The report, named "report_format.doc" was report number "DACBRT05," created on December 10, 2004 by "UFD612R1." more...
43 South Florida Workforce Participants' Personal Information Online
FOR IMMEDIATE RELEASE: January 22, 2008MIAMI, Florida. South Florida Workforce, a job and career services organization, posted the names and personal information of 43 of its participants on its website. The Liberty Coalition discovered an Excel file posted on a public document sharing site containing an internal trouble ticket log with 43 names and the last four digits of social security numbers. Three of the participants' names and full social security numbers were exposed. Businesses extend credit based upon the last four digits of the social security number, and some financial institutions use it as a password, making it an extremely sensitive piece of information. By placing this information online, South Florida Workforce has put these individuals at increased risk of identity theft and other types of fraud. more...
Murray State University Exposes 260 Student SSNs Online
FOR IMMEDIATE RELEASE: January 18, 2008MURRAY, Kentucky. The Murray State University College of Education posted the personal information of 260 students and professionals, including names, social security numbers and birth dates, ethnicity, gender, GPA, and test scores on its website. Affected students are all participants in Continuing NCATE Accreditation through Murray State University, and the information is in an Excel report called "2000-2001 State Admissions Report." The report was last revised in June, 2001 and was posted online in Excel format on or before June 13, 2002. Since that time it has been available to the world online. Google picked up the file in its cache at least 1 1/2 years ago. When in Google's cache, otherwise "hidden fields" are automatically un-hidden, and are automatically displayed. more...
Colorado State University Exposes 300 Students' Personal Info Online
FOR IMMEDIATE RELEASE: January 18, 2008FORT COLLINS, Colorado. On November 15, 2007, the Liberty Coalition discovered four files containing sensitive personal student information for 300 Colorado State University students on the Warner College of Natural Resources website. The files include 208 social security numbers, usernames, passwords (derived from the social security number), and other information. The affected individuals all appear to be former College of Natural Resources students. more...
BYU Counseling Center Posts Sensitive Student Information Online
FOR IMMEDIATE RELEASE: January 17, 2008PROVO, Utah. The Brigham Young University's Counseling and Career Center appears to have exposed personal information of 89 BYU Medical school Applicants by placing their names and personal information on its website. The information, contained in an excel file named "MD-DO-Stats-2006.xls," contained full names, last three digits of social security numbers, gender, economic disadvantaged status, academic majors, race, MCAT scores, an indication of whether the applicant was accepted or rejected, and other academic information. more...
Montana State University Exposes 42 Employees' SSNs Online
FOR IMMEDIATE RELEASE: January 16, 2008On November 1, 2007 the Liberty Coalition discovered an Excel file on the Montana State University Website containing personal information of university employees hired in August, 2006. The file is labeled "New Hire Report Aug 16, 2006," posted by MSU Bozeman Personnel & Payroll Services: 19 Montana Hall, PO Box 172520, Bozeman, MT 59717-2529. The file contains the complete social security numbers, names, street addresses, and hire dates for roughly 42 University of Montana employees. According to the MSU Press release,
"...an independent security analyst [Liberty Coalition] informed university data security staff that an Excel spreadsheet with the names and Social Security numbers of 42 people -- mostly new hires during the summer of 2006 -- was available on the MSU Web site. The spreadsheet was immediately removed."more...
Liberty, KY Business May Have Exposed 1,291 Students' Personal Info
FOR IMMEDIATE RELEASE: January 15, 2008LIBERTY, Kentucky. A former elementary school principal, and proprietor of Frysc Connect and Rick's Computer Enterprise in Liberty, Kentucky posted a file online which appeared to contain 2,377 names, including 1,291 of his former students' social security numbers, dates of birth, ethnicities, addresses, phone numbers, guardians' names and other personal information. Rick claimed that he scrambled names and other information so they no longer matched. Though some of the information had apparently been scrambled, much had not. more...
In Response to Data Breach, Cracked.com Changes Privacy Policy
FOR IMMEDIATE RELEASE: January 14, 2008NEW YORK, New York. In early October, 2007, the Liberty Coalition discovered a file containing what appears to be the names, genders, dates of birth, salary information, e-mail addresses, t-shirt sizes, and contact information for approximately 1,010 Cracked.com subscribers. The file was available to the online public, and was not password-protected, encrypted, behind a firewall, nor required authentication to access. The exposure contradicted Cracked.com's already weak Privacy Policy,
"We use commercially reasonable efforts to safeguard and secure your personal information while stored on our computer systems. We use a variety of industry standard security measures, including encryption and authentication tools, to maintain the confidentiality of your personal information. Your personal information is stored behind industry standard firewalls and is only accessible by a limited number of persons who are authorized to access such systems, and are required to keep the information confidential." (Accessed 11 October 2007)However, presumably in response to this breach, Cracked.com has since changed its privacy policy to disclaim all responsibility for exposing customer data:
"We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. HOWEVER, WE DO NOT GUARANTEE SECURITY. Neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. If applicable law imposes any non-disclaimable duty (if any), you agree that the standard used to measure our compliance with that duty will be one of intentional misconduct."Translation: "We screwed up, and we're not going to take any responsibility for it unless you sue us. You're on your own if we put you at risk." more...
University of Texas, Austin Biology Department Exposes 13 SSNs
FOR IMMEDIATE RELEASE: January 5, 2008AUSTIN, Texas. On November 3rd, 2007 the Liberty Coalition discovered a file online, containing the names, social security numbers, test scores, assignment scores, and grades for 13 individuals who took Biology 331 from K. Sathasivan, Ph.D. of the College of Natural Sciences. The University took the file offline within hours of notification. more...
Army ROTC Releases 551 SSNs Online
FOR IMMEDIATE RELEASE: December 26, 2007FORT MONROE, Virginia. On November 3, 2007 the Liberty Coalition discovered files online that contain sensitive information for 4,057 former ROTC scholarship winners from across the country, including 551 Social Security Numbers. The remaining files contain full names, academic majors, schools, scholarship award and suspense information, and other information for 3,506 individuals. It is unclear whether any of this information is protected by FERPA. more...
Special Olympics, Texas Exposes 2,665 Partial SSNs Online
FOR IMMEDIATE RELEASE: December 26, 2007AUSTIN, Texas. The Liberty Coalition recently discovered 2,665 partial social security numbers of Coaches for the Texas Special Olympics in two Excel files on the Texas Special Olympics website. The last four digits of the social security number are often used to extend credit, and some financial institutions use it as a password. By placing this information online, the Texas Special Olympics has put these coaches at an elevated risk of identity theft. The files also contain location and coach certification information. more...
Titanfoundation.com Posts Personal Information for 1,689 Online
FOR IMMEDIATE RELEASE: December 26, 2007 UPDATED: January 6, 2008In October 2007, the Liberty Coalition discovered seven files on the website titanfoundation.com exposing personal information of 1,689 individuals. The files contain names, addresses, Social Security Numbers, email addresses, and financial information. Some individuals on this list are at extreme risk of identity theft. more...
ID Thief Gives Away 49 New York Residents' Personal Info
FOR IMMEDIATE RELEASE: December 7, 2007NEW YORK, New York. An identity thief who identifies himself as "Cypher," explained how he went dumpster diving in New York for sensitive information. Though the Liberty Coalition discovered the file in August, 2007 and reported the breach to the FBI on August 26, the file remained online until at least October 15, 2007, and was confirmed deleted only on December 7, 2007. more...
University of New Mexico Breach Affects 333 Former Students
FOR IMMEDIATE RELEASE: December 7, 2007ALBUQUERQUE, New Mexico. In early November, 2007, the Liberty Coalition discovered 31 separate files containing sensitive information for 333 students who took math courses from Associate Professor Vakhtang Putkaradze between Fall 2001 and Fall 2004 at the University of New Mexico. The files appear to contain full names, 177 partial social security numbers, 190 e-mail addresses, and grades for all 333 students. The last four digits of a person's Social Security Number is used by businesses to extend credit, and may be used by some financial institutions as a password or identifier. By placing this information online, the University of New Mexico has put these students at an elevated risk of identity theft. In addition, much of the exposed information may be protected by FERPA or other applicable laws. more...
Hundreds of U of Delaware Chemistry Students at Risk of ID Theft
FOR IMMEDIATE RELEASE: December 3, 2007NEWARK, Delaware. On November 15, 2007 the Liberty Coalition discovered 20 separate files containing sensitive personal information for roughly 582 University of Delaware Chemistry students who participated in the Chemistry mentoring program between 2000 and 2004. This information included full names, dates of birth, roughly 482 social security numbers, addresses, telephone numbers, e-mail addresses, home addresses, and a range of other personal information of current or former University of Delaware students. Students affected by this breach may be at extreme risk of identity theft. The files were available to the public on a University of Delaware website. more...
Scholarship Foundation created by Monster.com Founder Exposes 694 students' Personal Information
FOR IMMEDIATE RELEASE: November 26, 2007NEW YORK, New York. Hundreds of high school students from Pennsylvania, New York and West Virginia may be at extreme risk of identity theft after winning scholarships from the McKelvey Foundation. The scholarship foundation, started by Monster.com founder Andrew McKelvey, placed a massive cache of former McKelvey Foundation Scholarship winners' personal information online. A total of 51 files were discovered by the Liberty Coalition on November 8, 2007, using a major search engine. The files contained thousands of records, and roughly 694 unique names, social security numbers, dates of birth, high school, address, phone number, e-mail address, and other sensitive information. The server indicated that most of the files were last modified as early as March, 2004, indicating that they have probably been available online more than three years. Some of the files were modified as late as April 2007. more...
University of Florida Exposes 415 Student Social Security Numbers Online
FOR IMMEDIATE RELEASE: November 19, 2007GAINESVILLE, Florida. On November 15, 2007, the Liberty Coalition discovered 14 separate files on the University of Florida Computing and Networking Services (CNS) website containing sensitive information for 534 former University of Florida students, including 415 social security numbers. All affected individuals appear to be former students of Richard A. Elnicki, D.B.A., Professor Emeritus in ISM 4220 and 4330 between 1998 and 2001. more...
Penn State Department of Geosciences Exposes 39 Students' Personal Information
FOR IMMEDIATE RELEASE: November 17, 2007UNIVERSITY PARK, Pennsylvania. In September, 2007 the Liberty Coalition discovered four files on the Penn State Department of Geosciences website containing social security Numbers, assignment scores, test scores, and grades of roughly 39 students. more...
Alabama Licensure Board for Interpreters and Transliterators Exposes 225
FOR IMMEDIATE RELEASE: November 15, 2007MONTGOMERY, Alabama. On October 15 and 27, 2007 the Liberty Coalition discovered several Excel files on the Alabama Licensure Board for Interpreters and Transliterators' website, which contain sensitive personal information of more than 225 licensed translators. The files contain application information, full names, dates of birth, a few social security numbers, addresses, phone numbers, e-mail addresses, employer information, and a other information. By posting this information online, the State of Alabama has put some of these individuals at high risk of identity theft. more...
University of Tennessee, Martin puts 41 Students at Risk of ID Theft
FOR IMMEDIATE RELEASE: November 11, 2007MARTIN, Tennessee. On September 9, 2007 the Liberty Coalition discovered two Excel files on a University of Tennessee, Martin website containing personal information for 240 former high school students who are now between 18-21 years old. The file with the most sensitive information contains 41 names, Social Security Numbers, addresses, high schools, and age, sex, race, and other personal information for 2004 Tennessee Governor's School for the Agriculture Sciences applicants. The Governor's school is a summer program for gifted and talented high school students. The files, online since at least September 2006, expose information protected by FERPA and also put these students at severe risk of identity theft. The exposure was reported to the FBI. more...
Lady Bug Home Care Exposes Job Applicants to ID Theft
FOR IMMEDIATE RELEASE: November 10, 2007BENBROOK, Texas. On October 18, 2007 the Liberty Coalition discovered an Excel file on the Lady Bug Home Care home page (jacklingm.com) that appears to contain sensitive personal information for 105 job applicants and their references. The file contains, full names, home phone numbers, social security numbers, addresses, e-mail addresses, previous addresses, dates of birth, drivers license numbers, medical information, emergency contact information, medical certification statuses, schools, degrees, car insurance information, and previous car accidents. Many individuals on this list are at extreme risk of identity theft. The site has since been taken down. more...
NASWA Exposes 1,146 Social Security Numbers Online
FOR IMMEDIATE RELEASE: November 9, 2007WASHINGTON, DC. In March 2006, the National Association of State Work Force Agencies (NASWA) posted a file containing the full names, social security numbers, and dates of birth of 1,446 individuals who apparently participated in a program offered by the agencies. The organization was notified in March, 2006, and the file was taken offline. However, the file remained in online caches until at least October, 2008. more...
Virginia Tech Exposes 12 Social Security Numbers Online
FOR IMMEDIATE RELEASE: November 9, 2007BLACKSBURG, Virginia. On September 6, 2007, the Liberty Coalition discovered several files on a Virgina Tech server which appeared to contain potentially sensitive information for about 100 people, including 12 social security numbers. The files ranged from grading spreadsheets used by professors to team rosters, to the results of a survey about cell phone usage. Virginia Tech removed the most sensitive files within a month (ie, the files containing social security numbers), but left others online. more...
Scratchpad50.com puts 64 at Risk of ID Theft
FOR IMMEDIATE RELEASE: November 9, 2007BUFFALO, New York. In September 2007, a file containing around the names, social security numbers, scores, grades, and other information of about 64 students on Scratchpad50.com. The operator of the domain could not be readily identified, so the host and domain registrars were notified. Though the file had already been removed from the site when it was discovered, the information was available until September 18, 2007 through a Google Cache. more...
Army's 18th MEDCOM in Seoul, Korea Puts 49 at Risk of ID Theft
FOR IMMEDIATE RELEASE: October 28, 2007SEOUL, Korea. The Army 18th MEDCOM in Seoul, Korea, posted full names, social security numbers, dates of birth, medical diagnoses, medical treatments, sex, race, and other sensitive information of 78 service men and women. The 18th MEDCOM and the Pentagon was notified on June 13, 2006, and the file was deleted within days, but the military did not comment on the existence of the file. The file, "Heat Injury.xls" detailed heat exhaustion and heat stroke of patients stationed in Korea. Some of medical notes included:
"Competing in Army 10 miles, pushing self to make team. Ambient temp 75 F, Rectal temp 106.9 F, No organ damage." "2 mile road march with full gear @1300, Rectal Temp 98.2 F." "P[atient] was out doing field patrol, felt dizzy, kept falling back down. P[atient] felt her body cramping." "Rectal Temperature: 107.0, Brain and Liver were affected by the heat stroke. No previous heat injury." "multi-organ failure; p[atient] expired."more...
University of Idaho SigmaChi Frat Exposes 2,622 Records Online
FOR IMMEDIATE RELEASE: October 27, 2007MOSCOW, Idaho. In December, 2005 the SigmaChi fraternity at the University of Idaho posted personal information of 2,622 current students and alumni. This information included names, addresses, phone numbers, graduation dates, high schools, transferring colleges, and alumni status (ie, indication if an alumnus has been expelled). Most of the information was sensitive or confidential. The files were available to the public through a simple Google search. more...
University of Alabama, Birmingham Posts 960 Studentss SSNs
FOR IMMEDIATE RELEASE: October 27, 2007BIRMINGHAM, Alabama. In December, 2005, the business school at UAB posted the names, social security numbers, GPAs, and graduation dates of 960 former students online, in an unsecured Excel file. It was discovered using a Google search. A university spokesperson explained that the file was posted in error, and was taken down within hours of notification. more...
SemperFi Data Recovery Puts 49 at Risk of ID Theft
FOR IMMEDIATE RELEASE: October 18, 2007FORT SMITH, Arkansas. While searching on Google for his own social security number, an anonymous internet user discovered a breach on www.semperfidatarecoveryandcomputerservices.com, and alerted the Liberty Coalition. The Excel file, belonging to Arkansas company SemperFi Data Recovery, exposed the names, social security numbers, addresses, cell and home phone numbers, W-4 information and other personal information of 40 employees living in Arkansas and Oklahoma. The Liberty Coalition immediately contacted the proprietor of the website by phone and e-mail, as well as several of the victims, and reported the incident to the FBI. Even after the warning, the proprietor left the file online for several more weeks before taking the website down completely. more...
University of Texas, Austin FTP Site Puts 22 at Risk of ID Theft
FOR IMMEDIATE RELEASE: October 10, 2007AUSTIN, Texas. In late September, 2007 the Liberty Coalition discovered six files that contain the names, social security numbers, gender, majors, grades, email addresses, department, etc. of approximately 22 students or former students at the University of Texas at Austin. The files were indexed on an open university FTP site accessible through the search engine, www.filewatcher.com and perhaps other search engines. The affected students appear to be former enrollees of course PGE383 in the Summer of 2001 and 2002. more...
Case Western Reserve Website Exposes Medical Information, Personal Information of 452 People
FOR IMMEDIATE RELEASE: October 4, 2007CLEVELAND, Ohio. In September, 2007 8 files were discovered at filer.case.edu containing sensitive personal information of approximately 452 people. Three files identified participants in a medical study, as well as a detailed description of personal medical conditions, treatments, ages, and other demographic information. In that file, one column identifies several individuals who appear to be doctors or medical professionals who participated in the study: Rein Lambrecht, Thomas Chelimsky, Bill Stacey, and Amer Alshekhlee. Applicants were asked to describe details of their conditions like, "...bladder and sexual function inability to stand > 10 secs, several bowel obstructions... 2 years of diarrhea with no constipation...." Participants were also required to list medications they were taking. The list reveals one participant's treatments as, "glucophage, tricol, bactrim, prinivil, prilosec, crestor, lasix, zetia, aerobid, singulair, zyrtec, albuterol, oxygen, betopic eye, xalatan, wellbutrin, neurontin, iburpofen, mutli vitamin, vitamin E, B-complex, fero-grade." A column labeled "Consent/HIPAA form" shows that 56% of the entries read either "needs signature," or "NO." more...
Educational Dissertation Puts 17,036 K-12 Students at Risk
FOR IMMEDIATE RELEASE: October 2, 2007 UPDATED: July 10, 2008FRANKLIN, Tennessee. On August 28, 2007 the Liberty Coalition discovered three files on a personal website containing sensitive personal information for for about 17,000 Tennessee K-12 students and the names of several hundred teachers. The files were deleted and the website (http://tnweb.org/) was taken down within hours after notification. more...
Customer of PeopleFinders in Poland: 148 Affected
FOR IMMEDIATE RELEASE: October 1, 2007POLAND. The information in this breach was never exposed on any website owned or operated by PeopleFinders, but on a Polish website unrelated to the company. The information appeared to be a PeopleFinders.com report, and was placed online independently by a third party. more...
Arkansas Psychology Board: 284 Identities Exposed
FOR IMMEDIATE RELEASE: September 30, 2007LITTLE ROCK, Arkansas. Between about May 21-31, 2007, the Arkansas Psychology Board posted an Excel file online that contained the names, dates of birth, social security numbers, addresses, email addresses, licensure and other information of 284 Arkansas licensed psychologists. Even after the file was removed, a cached Google copy of the file was discovered on June 5, 2007. Many victims of this breach were notified directly. According to an affected phsychologist, the Arkansas Board of Examiners confirmed that the file had been accessed multiple times during the sensitive period. more...
Jordanian Social Networking Site: 187 Identities Exposed
FOR IMMEDIATE RELEASE: September 28, 2007 UPDATED: October 1, 2007AMMAN, Jordan. In late August, 2007, the Liberty Coalition discovered a text file containing sensitive personal information for approximately 187 people, posted by a user on the Jordanian social networking site, Jeeran.com. This file contained names, addresses, phone numbers, social security numbers, Mothers' maiden Names, Drivers License Numbers, Dates of Birth, Credit Card information, ATM Pins, Bank Accounts, PayPal account information, and other sensitive data. On October 1, 2007, Jeeran.com President & Co-founder Omar F. Koudsi e-mailed SSNBreach.org to emphasize that the company "quickly... co-operated in removing the data." Jeeran.com did in fact remove the information within 48 hours of notification. However, they have not confirmed how long the file was available on their recalcitrant user's page. more...
Temple University: 90 Affected
FOR IMMEDIATE RELEASE: September 26, 2007PHILADELPHIA, Pennsylvania. In September, 2007 the Liberty Coalition discovered two files containing partial social security numbers, grades, passwords, and other sensitive personal information for about 90 students at Temple University. All of the files were posted in the Computer Information System department, in a folder called "~shi." The University was notified, and removed the files within a few business hours of notification, and requested search engines purge their caches. more...
Iowa State Legislature Puts 109 Military at Risk of ID Theft
FOR IMMEDIATE RELEASE: September 26, 2007DES MOINES, Iowa. In September, 2007 the Liberty Coalition discovered a pdf report on the Iowa Legislature General Assembly website, containing the names, social security numbers, and employment information for approximately 109 members of the military. The report was to the members of the Legislative Fiscal Committee, from Steve Linder, Chief Operating Officer, State Accounting Enterprise. Subject: Monthly Military Pay Differential Report. more...
Naval Postgraduate School: Up to 1,058 Affected
FOR IMMEDIATE RELEASE: September 18, 2007MONTEREY, California. In August, 2007 two Excel files containing what appeared to be personal information of up to 1,058 students was found on a website belonging to the Naval Postgraduate School. The file appeared to contain students' full names, ranks, the last four digits of the student's SSN, graduation dates, curriculum information, e-mail, phone number, and other information. The Dean of Students was notified, and the file was removed within hours. more...
Rutgers University Releases 227 Student Records Online
FOR IMMEDIATE RELEASE: September 14, 2007PISCATAWAY, New Jersey. On August 31, 2007, the Liberty coalition discovered files posted on rutgers.edu that contain sensitive personal information. The four files appear to contain the full names, social security numbers, assignment scores, test scores, course grades, and other highly sensitive information for up to 227 students at Rutgers University. The files largely appear to be grading sheets for students of Wenxuan (Bill) Zhang, PhD Candidate/Teaching Assistant, Department of Computer Science. more...
University of South Carolina: 3,199 Affected
FOR IMMEDIATE RELEASE: September 5, 2007 UPDATED: September 7, 2007COLUMBIA, South Carolina. On August 31, 2007, the Liberty Coalition discovered 18 files on the University of South Carolina's Department of Biological Sciences, that appeared to contain the full names, social security numbers, assignment scores, test scores, course grades, indications of academic misconduct, and other highly sensitive information for up to 3,199 students at the University of South Carolina. The files largely appeared to be grading sheets, posted in a faculty section of the website belonging to "~vieyra." Many of the files were indexed by major search engines. more...
Chandra Breach: 408 Affected
FOR IMMEDIATE RELEASE: August 30, 2007JAKARTA, Indonesia. In August, 2007 a hacker site that apparently traffics in stolen personal information posted a file with approximately 408 credit card numbers online, and available through a major search engine. The file also contained Social Security Numbers, Dates of Birth, Mother's Maiden Names, Passwords, PINs, Addresses, Phone Numbers, Card Verification Numbers, Purchase Amount, and other senstitive information. more...
Whizlink.com Breaches 1,299 Records Online
FOR IMMEDIATE RELEASE: August 30, 2007RANCHO CUCAMONGA, California. Sanjiv Bhagat, an employee of California mortgage services company American Vision Financial Inc., was surprised to find that someone was using his username and password without authorization to store sensitive information on his company's server, using a domain registered in his name, but to his company's address. Whizlink.com contained an Excel file which contained what appeared to be a call list with personal information of 1,299 sales leads. Mr. Bhagat insists that he has no idea who the file belonged to, and took immediate action to take the entire site down. more...
Williamsport, PA Police Department Puts 174 at Risk
FOR IMMEDIATE RELEASE: August 27, 2007WILLIAMSPORT, Pennsylvania. The Williamsport, PA police department website exposed the names, birth dates, social security numbers, and other potentially sensitive information of approximately 174 individuals on their website. When the file was discovered in early August, 2007, it had already been removed from the website, but remained in Google's Cache. The file purported to be updated as of 6/27/2007. more...
York County, PA Courts Put 97 at Risk
FOR IMMEDIATE RELEASE: August 27, 2007 UPDATED: September 18, 2007YORK, Pennsylvania. In July, 2007 the York County, PA court website posted a file containing the full names, addresses, home and cell phone numbers, race, social security numbers, and other sensitive information for approximately 97 people. The individuals appeared to be deputized employees of the court. more...
Louisiana Board of Regents Breaches 200,000 Louisiana SSNs
FOR IMMEDIATE RELEASE: August 24, 2007BATON ROUGE, Louisiana. In late June 2007, the Liberty Coalition discovered approximately 163,000 social security numbers, and contact information for nearly 200,000 Louisianans, in nearly 200 online documents. The affected individuals appear to be mainly former Louisiana high school students born between about 1979 and 1987, as well as roughly 34,000 Louisiana state education employees. more...
Tyler Pension Management Solutions Puts 650 at Risk
FOR IMMEDIATE RELEASE: August 24, 2007 UPDATED: July 14, 2008WOBURN, Massachusetts. In August, 2007 a file that appeared to contain the full names, ages, social security numbers, and other pension information of more than 650 individuals was posted on a Tyler Pension Management Solutions website, and available through a major search engine. more...
About the Liberty Coalition
The Liberty Coalition works to help organize, support, and coordinate transpartisan public policy activities related to civil liberties and basic human rights. We work in conjunction with groups of partner organizations that are interested in preserving the Bill of Rights, personal autonomy and individual privacy.
The Liberty Coalition is concerned about the threat to Americans' fundamental and inalienable rights. The Coalition is dedicated to upholding and protecting our basic rights to life, liberty and the pursuit of happiness. In order to accomplish our task, we seek to protect those freedoms as articulated in the Bill of Rights. We base our concerns on the fundamental values and principles of the Declaration of Independence and the U.S. Constitution, particularly the separation of powers and federalism, and Bill of Rights.
About Aaron Titus
A graduate of the George Washington University Law School, Aaron Titus is a Washington, DC-based privacy advocate. When he's not working full-time as a Program Manager for a trade association Rosslyn, VA, he is the proud father of four adorable children.
Aaron is also the host of The Privacy Podcast, Free Space, and several Construction Industry Podcasts. He also writes and blogs about privacy at Because I am Here, Security Catalyst, and JeffreyNeu.com. He has been published by the Chronicle of Higher Education, the Privacy Rights Clearinghouse and PogoWasRight.org.