Monday, July 21, 2008

University of Maryland trips up by printing SSN in a mailing


This time, a simple mistake in a data center has led to compromise of individual security. At the University of Maryland in College Park, NE of Washington DC, the university had mailed all students a brochure that contained information about on-campus parking.

Around July 8 the University discovered that the mailing label had included the student social security number. Apparently this was an inadvertent human error, and not the result of any compromise of an internal application or Internet use. This is an incident that could have happened decades ago, before the Internet.

It is certainly true that in the past, it had been common for many businesses to include social security numbers on mailing labels in lists. This practice had probably stopped by and large by the mid 1990s.

Apparently they number was not hyphenated or formatted, and a casual visitor would not have known what the number was. However, it would be harmful to have a printed document visibly displaying home address and SSN on the outside of an envelope in the postal service.

The University is offering affected students free credit monitoring with Equifax.

Again, and especially in view of the subprime crisis, it’s appropriate to ask why lenders have been so careless and shown so little diligence in making loans.

The story appears on WUSA Channel 9 (CBS) in Washington July 18, 2008, here.

No comments: