Personal Info of 235,000 Compromised at WCSU

A computer security problem at Western Connecticut State University exposed the records of about 235,000 people collected by the university over 13 years.

Western Connecticut State University is notifying 235,000 people that their records, including Social Security numbers and other personal information, were insecure on its computers for three years and four months. WCSU said it has found no evidence that records were inappropriately accessed.

The affected group includes students, their families and those who had other associations with the university, as well as high school students whose SAT scores were purchased in lists, a common practice in higher education.

The vulnerability existed from April 2009 to September 2012 and potentially exposed information, including Social Security numbers, of about 235,000 people whose records were collected by the university over a 13-year period.

Although WCSU has found no evidence that records were inappropriately accessed, to protect those potentially affected, Western is offering up to two years of ID theft protection at no cost through a company named AllClear ID.

Everyone in the affected groups will receive a letter explaining the protection being offered and the steps they may take to access AllClear ID services.

Since discovery of the exposure, the university has dramatically increased its information protection capacity with new layers of protection. The university will continue to assess and improve all aspects of its information security.

Dr. Robin Appleby November 29, 2012 at 11:43 PM
With Obamacare, and electronic medical records, the government will have ALL your information: your abortions, HIV status, venereal diseases, children you gave up for adoption, sexual problems, depression and mental problems, histories of incest and abuse, suicide attempts, marital problems, drug and alcohol use, abuse and overdoses, they even want to know AND ask how many sexual partners you have had, etc. etc. etc.......as my nurse said today....what could POSSIBLY go wrong with that ?
Ken November 30, 2012 at 01:43 AM
You don't think this info is already fully recorded in a shared data warehouse that health insurers already maintain and use to process claims? There are already health insurance data interchanges. On the other hand, Obamacare does away with all individual underwriting and converts the entire health care market to community rating in 2014. The only criteria for insurance premiums will be sex, age bracket and tobacco use. I am actually planning to ask my insurer at the end of 2013 to provide me written proof that they have security procedures in place that isolate and prevent usage of any and all personal medical information used for claims payment or other medically necessary purposes from the premium determination process.
Kevin O'Connor November 30, 2012 at 07:00 AM
I fail to see a connection here. You're comparing the government's storage of personal information to a university's. You're comparing a place with a reactive security policy to a proactive. Electronic medical records will be better. However, we do need a central authority, or at least an authoritative hierarchy. Giving the task of electronic medical records to all different companies will not end well. Mix and match protocols, inconsistent cryptographic updates, etc. There needs to be a central place where data security is a priority. That will happen, the government is quite capable of doing this. Trust me, I spent 10 hours yesterday trying to break a NIST government-standard encryption algorithm--and that was on a poorly implemented version that leaked some information.. yet that cipher held within the range of computationally feasible attacks. Do you know what it takes to steal medical records now? Break into a medical office and take the file. Do you know how long it would take to break a cryptographically secure electronic record using the best supercomputer in existence? At least 1,315,888,179,366,587 years. That's about 100,000 times longer than the universe is estimated to have been in existence. Just because some places fail at security, doesn't mean security doesn't exist elsewhere. Proactive security vs reactive security makes all the difference. I study it and practice it daily.
Wondering November 30, 2012 at 11:48 AM
Another reactionary scare tactic. I wonder if all doctors need to be dragged into the 21st Century.
Dr. Robin Appleby November 30, 2012 at 12:27 PM
So let's see how the government having all this "SECURE" data works out. In 1996, in the Filegate scandal, 900 raw FBI files were found in the White House with the fingerprints of Hillary Clinton....someone was going through the files looking for dirt on their political opponents. In the 2004 Democrat primary for the U.S. Senate, Obama was down in the polls, about to lose to Blair Hull. Somehow Hull's "sealed" divorce records got "unsealed" and Obama won. In the general election that year, Obama ran against Jack Ryan, a Dartmouth, Harvard Law, Harvard Business School grad who had made hundreds of millions of dollars on Wall Street and gave it up to teach at an inner city Chicago school. As luck would have it, Ryan was divorced and the custody records were "Sealed"...... But as with most things.....they somehow got "unsealed" and Ryan lost to Obama. Recently in California...the government sent out 160,000 envelopes with names, addresses and Social Security numbers plainly visible. I am glad that you all have such blind faith in the government. Last time I looked, this was the same government that did an experiment with 400 black men with syphilis to see what happened and interned 140,000 Japanese-Americans in terrible prison camps during WWII without cause.
Dr. Robin Appleby November 30, 2012 at 12:34 PM
I know that I and my family will pay a price, probably huge, for speaking out as I do and criticising the government overreach and abuse. I hope that when that day arrives, that Ken, Kevin and Wondering (also Ben, Howard and Andrew)....even though we differ on solutions to the problems of the day......will stand with me....as I would with you.
Kevin O'Connor November 30, 2012 at 05:20 PM
Woooo. Settle down now. I'm actually very much on the side of not big government... Granted I did mention the government specifically but really I meant that there needs to be one central data store, government-owned or not. I was also pointing out that the government standard for encryption has not been broken. Also, my post wasn't in support of Obamacare, I'm not sure if that bridge was assumed. But you bring up a fair point, why would I trust the federal government with my medical records, which has a record of data leaks? Let's take a step back here and I'll state my clear point of view on the subject: There needs to be a central authority or authoritative hierarchy charged with the task of storing and transmitting cryptographically secure digital medical records. There are ways to do this that I would support, even if the government was that central authority. There are protocols that can do 3-way handshake and authentication and authorization where the third party can read none of the actual secure information. The point of the central authority would be to say the two other people are who they say they are and to make sure none of the data gets changed maliciously. This method I would support, even if it's run by the government. My criteria is that the protocol used is published. I do apologize that my post seemed in support of big government, I'm not, I'm in support of digital medical records. Like I said, it can be done securely, government or not.
sock puppet November 30, 2012 at 07:12 PM
First they came for lunatics, and I said nothing because I am no lunatic Then they came for the wingnuts, and I said nothing, because I am no wingnut Then they came for the idiots, and I did nothing, because I am no idiot Then they came for the Applebys, and I kept silent, because I do not like fast food And when they came for me, there were plenty of people left, and we had a party
Steven DeVaux December 02, 2012 at 01:31 PM
Hahahahahahahahahahahahahahaha - good luck. You'll get a letter back from their lead attorney. They respond one step worse than Brookfield does on FOI's.
Steven DeVaux December 02, 2012 at 01:34 PM
The number of people who didn't read 1984, or read it and didn't understand its meaning is really showing. Since Andrew doesn't have a job, and plenty of years to read, I wonder if he did.

