Google search change leads to major higher-ed security breach


“One could question the logic behind retaining records that are 12 years old,” Krehel wrote. “As a best practice, institutions should have in place a data retention and destruction policy as part of an organizational privacy framework that lays out a plan for the maintenance and lifecycle of personal data in their organization.”

Higher education IT officials rank cyber security among their most pressing responsibilities, but old security programs and methods have plagued campuses as hackers find ways around the technology, said Frank Andrus, chief technology officer of Bradford Networks, a computer security company based in Massachusetts.

“By and large, we find that educational institutions are very serious about data security,” he said. “Unfortunately many depend on home-grown security solutions – often developed by former students – that have long outlived their usefulness.”

The Yale breach is the latest case of “Google dorking,” a phrase bounced around the web referring to hackers’ persistent efforts to hijack personal information via the world’s most popular search engine.

Faculty members, students, and parents should be alarmed that Yale’s technology officials weren’t aware of the exposed server until 10 months after Google made its much-publicized announcement about the FTP servers, said Sue Marquette Poremba, a writer for ITBusinessEdge.com.

“You would hope that IT professionals, especially any who are in charge of security matters, keep abreast of changes, updates, or upgrades of applications like Google,” Marquette Poremba said. “To me, this points out why funding for IT security has to be a priority, especially in the education sector.”

Marquette Poremba also questioned the necessity for Google’s web searches to include such thorough examinations of files that were private until last fall’s search modification.

“Is there a reason why Google has to make searchable everything ever stored on a computer?” she said. “Thanks to Google, virtually nothing is private anymore.”