Google index change exposes 43,000 Yale social security numbers

Another day, another serious data breach. This time, Yale University left social security numbers on an unsecured server, and complained when Google indexed it. Facepalm.

Around 43,000 names and social security numbers of staff, students and alumni members of Yale University, have been searchable via Google for the last ten months.


Discovered in June, officials say that there is no evidence to suggest that the information has been exploited.

The data, which contains information on staff and employees since 1999, was held on an unsecured FTP server -- hidden from search engines until September 2010 -- until Google started indexing FTP servers.

Reported to have an "innocent sounding" file and directory naming structure -- the fact is, the data should not have been stored there in the first place.

Suffice to say, had this happened in England, the data protection agency, the Information Commissioner's Office, would have burst a blood vessel over this one.

But it's not clear whether Google's index change is to blame, or whether Yale borked up by putting the social security numbers on an unprotected FTP server.

This comes as many other universities and colleges have suffered data lapses and breaches this summer.

Purdue University suffered a hack earlier this year, which affected students over a five year period, where social security numbers and other personal information of over 7,000 former students was left exposed.

The University of Wisconsin continues to investigate a breach which exposed over 75,000 social security numbers of student and staff. Malware was the cause of the breach, which is believed to have attacked a research repository server in a bid to access material yet to be released to the public.

Earlier this year, hackers attached to the 4chan messaging board attacked a New Jersey school district's databases. Instead of just stealing data, hackers changed students' grades and school dinner prices to $9,000.

The University of Kent also caused controversy by unlawfully disclosing disability data of students -- myself included -- for which was then investigated by the UK's data protection agency.

The ICO also began an investigation in March where the data of 17,000 students from the University of York was leaked on its website -- including personally identifiable information like dates of birth and qualification grades from previous examinations.

It has not been a great year for data protection of students. Having said that, no wonder European countries do not want to share its data with the United States -- considering the data protection laws are appalling.

Related content: