Turns out Yale has more than a few Skull and Bones in the closet.
The Ivy League school fell prey to Google hacking, also known as Google dorking, when cybercriminals use Google search functions to access data on the Internet. USA Today’s Bryon Acohido has a on the topic.
The practice is becoming more common. The latest victims: More than 43,000 Yale faculty, staff and students, both current and former as of 1999. Their personal data, including names and Social Security numbers, was stored on an accessible through a Web search.
Google started indexing FTP server data in September 2010 as part of changes to its search engine collection roadmap. As a result, FTP server data available worldwide was indexed by Google Spider. Yale learned of the breach on June 30. The data was available on the Internet for the past 10 months.
Three points worth further exploration immediately come to mind:
Knowing where your data is located, what are the access control mechanisms, and having an audit process to verify that resources are properly used, is generally part of every cyberrisk program. When one of them fails, a data breach is inevitable.
Meanwhile, breach victims are left in the lurch. We encourage folks whose data has been compromised to check with their bank or insurer to see if they qualify for Identity Theft 911 services.
Data breach victims can also follow these 6 tips to protect their identities.
Ondrej Krehel, Chief Information Security Officer,
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.