no, thanks
Some people might say it’s a bad idea to place database files of current and former students and their housing information, indexed by their SSNs, on a web server. How else, I ask you, can a person can win free credit monitoring for one year? Whee!
From: @columbia.edu
Date: April 17, 2007
Subject: Information Security Breach at ColumbiaDear [selfish crab]:
On April 2, Columbia University’s Housing and Dining department was informed that three archival database files containing the housing information of some current and former students were inadvertently placed on a Columbia web server. Exposure was limited because there were no links to the files on any Columbia website and because the files could only be viewed with a Columbia University UNI and password and a specific type of software.
I am sorry to inform you that your name and Social Security number were included in one of the files. Please be assured that Columbia Public Safety investigators have concluded that this security breach was unintentional. No financial data was included in the files in question, and we have no evidence of wrongdoing or identity theft. Still, I wanted to advise you of this occurrence and the actions we are taking to reduce the chance of a future breach.
Information security is a serious issue for us, as we know it is for you. The above-mentioned files were immediately removed from the web server. Moreover, in the wake of this incident, Columbia Housing and Dining has taken steps to eliminate the use of Social Security numbers from its systems, both in room selection for current students and in its archival files.
As an additional precaution, Columbia has arranged for you to receive a free one-year subscription to a credit monitoring system. This service will provide you with a copy of your credit report, monitor your credit files at all three major credit bureaus (Equifax, Experian and Trans Union) and notify you of certain suspicious activities that could indicate identity theft. You will be mailed additional information about enrolling in this service in the next week.
If you do not wish to enroll in this service, you may still choose to activate a fraud alert with the major credit bureaus, or periodically run a credit report to look for potential irregularities and ensure that no new accounts have been activated in your name. Each agency has an automated fraud alert process. If you activate a fraud alert, the agency you contact will notify the other two agencies so that those agencies also can place fraud alerts on your accounts. In addition, each agency will provide you a copy of your credit report at no cost…
* * *
Sincerely,
[somebody important]
Executive Vice President
Student and Administrative Services
April 18th, 2007 at 12:52
i saw that too. we were wondering if it was a hoax. looks real now.
April 18th, 2007 at 13:50
Looks legit to me cuz Gmail says it was mailed-by: piglet. Yay wildfire!
April 18th, 2007 at 20:48
I will say “Yay!” to wildfire when v2.0 is launched.
April 19th, 2007 at 0:11
I wonder how far away that is.
April 27th, 2007 at 17:30
What, no Spectator article?
April 27th, 2007 at 17:38
Nope, though they did cover 15 people marching from Lerner to Low to protest Apple’s environmental evils.
Maybe Zach knows?