[StBernard] La. Security Breach Exposes Thousands To ID Theft

[Westley Annis]

La. Security Breach Exposes Thousands To ID Theft
TheNewOrleansChannel.com
NEW ORLEANS - It seems like a list without end -- thousands of student
names, addresses, ZIP codes, birthdays -- and Social Security numbers. In
all, more than 80,000 names and Social Security numbers were accessible for
perhaps as long as two years on an internal Internet site run by the
Louisiana Board of Regents, the body that has oversight over the state's
institutions of higher education. 

"Well, it's a recipe for identity theft if you have a name, a Social
Security number, a date of birth and an address, you can create an identity
that will lead to fraudulently bilking credit cards, tampering with bank
accounts and the like," the FBI's James Bernazzani said. 

"Additionally, someone can apply for a driver's license or other photo
identification. They can make counterfeit checks. They can apply for a job.
They can get an apartment. They can do any number of these things with your
identity," FBI cyber expert Kristy Green said. 

Most of the network was password-protected, but the area containing the most
potentially dangerous data, including thousands of student Social Security
numbers, was not. 

Aaron Titus, a law school student and privacy advocate, said he found the
open door to the Board of Regents internal network using Google. 

Not only did he find the database of student names -- Titus also discovered
150 other files that he said contain up to 75,000 more names of students and
employees. 

For example, there's a list of administrators and instructors at South
Louisiana Community College that includes their Social Security numbers. 

"I'd be shaking in my boots. I'd be really, really freaked out. All of my
information is available to anyone who wants it right now," Titus said. 

He admitted it's hard to pin down how many employees are affected. 

"I was astounded when I saw all this information up -- not protected, not
behind a firewall, out in the open where anybody in the entire world can get
to it," Titus said. 

Law professor Julian Murray said the Louisiana Constitution guarantees the
right to privacy, including Social Security numbers. 

Failing to properly protect student Social Security numbers could jeopardize
federal funding for the Board of Regents under the Buckley Amendment, he
said. 

Murray also said those affected could file a class-action lawsuit against
the board. 

"I think we should be less concerned about what happens to them as much as
what happens to the people they have let out -- that's where the real
problem is here. I don't think they can ever answer civilly or morally for
what they've done," he said. 

The data has been taken down, meanwhile, after WDSU-TV brought the breach to
the attention of the Board. 

"In some ways, we're thankful that you found it because it showed a
deficiency in some of our programs, and we were able to stop it, and now we
are going to try to mitigate any damage," Commissioner of Education Joe
Savoie said.