Sometimes, bad security breaches don’t even require specialized code or software bugs.
Case in point: Seattle University, which accidentally left personal records for 628 current and former students exposed – including names, social security numbers and some medical information –thanks to improperly set permissions on the school’s email system.
The bad settings allowed users to see certain folders that they shouldn’t have had access to, according to a report tonight by our news partners at KING 5.
The vulnerability was found two months ago, and the university has worked with an outside forensics firm to investigate and fix the problem. The university said that it didn’t announce the vulnerability until now because it was investigating the problem. Students who had their social security numbers exposed will be given a free year of identity protection services.
The silver lining in this particular security cloud is that the information was only accessible to people with a Seattle University e-mail address, as opposed to the public at large, and the school said that it doesn’t have any evidence that the information has been used for nefarious purposes.
Still, this incident serves as an important reminder that often, the most insecure part of a computer security chain is the people sitting in front of the computers.
