NEWS
NYU website leaked students’ vital information
Looking for a print version?
Simply choose ‘Print’ on your computer and a printer-friendly document will be generated.
Also by Stacy Waite:
- North Dakota student missing for months, body finally found (April 19, 2004)
- Police find body of NIU student in area pond (April 20, 2004)
- Celebration riots lead to punishment at Iowa State (April 21, 2004)
- Unauthorized drug-related shipments to Northwestern University spur criminal investigation (April 7, 2004)
- Bush puts time limit on Pell-grant collection (April 8, 2004)
Related Stories:
- Second data leak leaves NYU scrambling (February 19, 2004)
- Hacker able to access personal info, e-mail after discovering flaw in Kent State University's website (February 20, 2002)
- Fall high season for ID theft (September 10, 2004)
- Virus affects WiscMail accounts (January 28, 2004)
- Campus Sex Crimes Prevention Act works to notify students (February 4, 2003)
by Stacy Waite
Thursday, January 22, 2004
Bewildered intramural athletes at New York University recently discovered that their social security and phone numbers were leaked to the Internet. The information was picked up by Brian Ristuccia, a computer technician in Massachusetts who found the list of information on NYU’s website while surfing the web.
NYU notified the 1,800 intramural athletes via e-mail, saying vital information was posted on Ristuccia’s website, and because of this action the university is considering taking legal action.
According to The New York Times, Ristuccia said he sent the NYU administration an anonymous e-mail message in December to notify it of the accessible information, but no action was taken because NYU had no record of Ristuccia’s e-mail.
Jonathan Vafai, the chair of the Student Senators Council and the University Committee on Student Life, said NYU’s student body was shocked.
“Students were horrified to learn about this and the actions of the man who made the copy of the file,” he said.
Vafai also said the information leaked from an isolated registration for intramural activity, not an official, university-wide database.
Vafai said the council called for the university to move from social security numbers to student ID numbers, and for NYU’s Information Technology Services division to check out other areas where student information could be potentially collected online. Vafai also cautioned students to monitor their own web safety.
“I am advocating that students be more vigilant about who they give their personal information to,” he said. “[This issue] has raised awareness of the issue of identity theft, so students are already being more careful.”
Brian Rust, marketing communications representative at the University of Wisconsin-Madison’s Division of Information Technology, said UW started converting from social security numbers to student ID numbers a few years ago. He said during his 15 years on the UW campus, he had been prompted to get a new ID in place of his social security number about two years ago, after receiving a letter.
Rust said chances are slight of a similar happening at UW.
“Someone at NYU made a mistake,” he said. “The key is how quickly it’s identified and fixed.”
Rust offered advice to web users to help prevent something of this magnitude from happening to them.
“Don’t give anyone your personal information, like your social security number or credit cards, unless you are certain the web link you are using is secure,” he said. “And the company should have a good reputation when it comes to security.”
