http://www.jhunewsletter.com/vnews/display.v/ART/2005/02/04/42025291bac2c By Katherine Brewer February 04, 2005 Over 2,100 Hopkins students, mostly juniors and seniors, must trade in their J-CARDS after the university discovered it had accidentally posted their names and J-CARDS numbers online this winter. The files, used in the spring 2003 Student Counsel elections, contained the names, birthdays and J-CARD numbers of over 4,000 students. The last four digits of 1,500 of these students' Social Security numbers were also posted. Many of the affected students have graduated, but all juniors and seniors and several graduate students who still have active J-CARDs were contacted through mail by Susan Boswell, dean of student life, on Jan. 24. Although there was no direct link to the leaked J-CARD information, it was accessible through search engines. A student who entered her name on http://www.google.com discovered the files and notified the school. The error was discovered on January 4, but administrators kept it private until all links to the material could be deleted. "It's not clear exactly how long they were online," said Dennis O'Shea, executive director of communications and public affairs for Hopkins. O'Shea also stressed that this would not happen again, because it was a transition year in StuCo balloting, and elections no longer involves entering J-CARD numbers. There is no evidence that the information was accessed and used illegally, but the university decided to take precautions and asked all those effected to trade in their J-CARDs for new one by Feb. 11. "The file was in a very obscure place. You would have had to gone looking for them," O'Shea said, "and most people wouldn't know what they were, even if they did find them." "Although the university feels strongly that any potential harm has been averted by the discovery and removal of the files, we nonetheless think it is advisable to err on the side of caution," Boswell wrote in an e-mail to affected students. The J-CARD office has extended its hours to 7 p.m. until Feb. 11 to help with the exchange, but students who do not exchange their cards by the scheduled date are subject to cancellation of their cards. To date, according to O'Shea's office, more than 750 students have made their J-CARD exchanges, out of the 2,100 juniors and seniors with active cards. "We do encourage all students who are affected to exchange," said O'Shea, "and remind them that they are subject to cancellation if they do not make the exchange by the deadline." Although there is very little that can be done with only the J-CARD number without the possession of the actual card, the university has notified local businesses that accept J-CARD to be on alert and asked affected students to keep tabs on their J-CARD accounts. "It doesn't really bother me much," said James Baird, a senior who has yet to trade in his card. "I suppose it's safer than doing nothing at all, but I'm kind of surprised they didn't figure this out a while ago." Some students expressed little concern about the information leak. "I don't really care that the information was on the Internet," said Mike Kong, a senior. At least one student did express feelings of frustration at the situation, especially in light of what he considered to be other general security failures. "For some reason, I don't have much confidence in the security measures at this school," said Matt Bassett, a junior. "This is just another example of a security failure; they can't even keep our personal information safe on the Internet." _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Mon Feb 07 2005 - 06:44:14 PST