WI: UW staff's personal data was on public Web site at least a year

[lyger <lyger () attrition org>]

http://www.madison.com/tct/news/267604

UW-Madison officials waited more than a month before advising more than 
200 faculty and staff members of a potential exposure of their personal 
information on the Internet last year.

The personal information -- including e-mail addresses, phone numbers and 
Social Security-based campus ID numbers of faculty and staff who made 
purchases from the DoIT computer shop -- had been accessible on a campus 
Internet site for at least a year, said Brian Rust, communications manager 
for the UW's department of information technology.

Rust said the Web-based database for DoIT employees was intended to keep 
track of sales transactions for statistical purposes. He said the 
department only learned that purchasers' campus ID numbers -- some of 
which still use Social Security numbers -- could be accessed after a UW 
staffer found information about his own DoIT purchase during a routine 
online search.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml