|« Dislike the Dislike Button||Secure That Wireless »|
University of Hawaii Data Breach
Well, it looks like yet another organization has gotten compromised and potentially exposed the data of thousands of customers. In this case the University of Hawaii Parking Office are the culprits and as many as 53,000 people may have had their personal info (including social security numbers and even a few credit cards) exposed.
I won't beat the dead horse too much, but I do want to say:
- Really? A database with social security numbers that wasn't locked down? I guess we don't have much information on how this breach occurred but I'll be very curious to know if it was a known vulnerability that hadn't been patched or simply lax security procedures.
- Really? You need social security numbers to sell parking permits? That's what the database in question apparently was - it's not at all clear to me why that database needed to include social security numbers. Hot tip: If you don't need to collect/store sensitive information like social security numbers or credit card numbers...don't collect and store them.
- It appears that U.H. isn't offering any free credit monitoring to those affected. I realize they're under a budget crunch over there, but under the circumstances that seems a little weak.