Jacksonville State University officials learned Tuesday of a website that allows users to search for students’ personal information, including photos, addresses and phone numbers, all apparently stolen from JSU’s own database.
The site allows visitors to search using students’ names to find photographs along with birthdates, student ID numbers, fraternity and sorority affiliation and other information. Information for some former students, faculty and staff is also on the site.
The website is intended to be a safe yet intriguing lesson to universities and other academic institutions to value their students’ personal information. We live in an age where records that were once on paper protected by security guards are now digitized protected by nothing.
The sad truth is college aged students are very susceptible to identity theft: they post every detail of their life online and are just beginning to understand financial security.
I believe among the responsibilities of any organization that one belongs to is the protection of their subjects’ personal information. Jacksonville State University among others have failed to honor this responsibility.
You know what’s scarier than your address and phone number being released on a website? Not knowing that your SSN, credit card, and account numbers are being silently collected every day by cybercrime organizations.
In lieu of similar compromises our academic institutions will hopefully adapt from this misfortune.
“Scottrade’s cybersecurity measures were so deficient that it never realized the massive theft occurred until two years later, when federal authorities told them about it,” the Scottrade class action lawsuit states. The hackers allegedly accessed the personal identification information (PII) of Scottrade customers from September 2013 to February 2014 without detection from Scottrade, which the plaintiffs call an “inexcusable failure of Scottrade’s obligation to take reasonable steps to safeguard this information.”
The consolidated Scottrade class action lawsuit was filed on Feb. 19 by plaintiffs Andrew Duqum, Stephen Hine, Matthew Kuhns and Richard Obringer. Hine filed a separate data breach class action lawsuit in California, but Scottrade argued in December that it should be consolidated with a nearly identical case that was already pending in Missouri.
Utah authorities are investigating a website allegedly created by a Cedar City resident who published personal information of Southern Utah residents whose names were part of a 2015 website hack.
According to four search warrants unsealed last week in 3rd District Court, a Facebook page and a website called AM Southern Utah “disclosed customers’ names, physical and email addresses for the Southern Utah area,” who had allegedly registered with Ashley Madison.
The warrants stem from a Utah investigation conducted by the State Bureau of Investigations and is part of a larger FBI investigation into the hack. No one has been charged with a crime in either investigation.
A new German law, which grants authority to the country’s consumer and business associations to enforce compliance with data protection laws, goes into force on February 24, 2016. A representative of the German Ministry of Justice pointed out that the new enforcement powers are specifically aimed at foreign companies having their headquarters or operating from outside Germany, including the U.S.