Google search change leads to major higher-ed security breach

IT experts say campuses should more quickly adjust to Google search changes.

A modification in the way Google searches the web exposed the Social Security numbers of 43,000 people affiliated with Yale University, highlighting another data storage vulnerability that could vex campus IT leaders and prompting questions from technologists who are skeptical of colleges’ commitment to securing sensitive information.

The Yale breach is the latest high-profile data security incident in higher education—one that originated in September 2010, when Google announced its searches would include file transfer protocol (FTP) servers, which previously had been off-limits to general internet queries.

Read more about data breaches in higher education…

The Final Four no college wants to make

More customers exposed as big data breach grows

University faces lawsuit after security breach

Social Security numbers of students, faculty, and alumni affiliated with the prestigious university in 1999 were available on the web for anyone to see after Google made its search change to include FTP servers, according to a Yale announcement released Aug. 26.

“Yale has secured the file, and Google has confirmed that its search engine no longer stores any information from the file,” the university said in its statement, adding that the school’s exposed file didn’t include financial information, birth dates, or other sensitive information.

Still, Yale has hired a data security firm to monitor credit reports at all three major credit bureaus for people affected by the data breach. The university launched a response center for anyone whose Social Security number was included in the breach, which was first discovered by Yale officials in late June.

Ondrej Krehel, a blogger for information protection company Identity Theft 911, wrote in an Aug. 23 post that the age of the files kept on Yale’s exposed FTP server should raise red flags for colleges and universities that might keep old information on campus servers.

"(Required)" indicates required fields