In 2014, about 146,000 students at Indiana University had their information, including social security numbers, exposed. This wasn't a hack, but it was a data breach. Here's the difference: a hack is someone trying to access information that's specifically been made unavailable to them. It's the online equivalent of breaking and entering. A data breach can certainly be a hack, but it's larger than that. It includes accidental releases of info. Here, the data was exposed because it was stored on an unencrypted area. Search engines gathered the information (because that's what search engines do), and gained access to 146,000 student's records. This info should have been encrypted and it's pretty easy to lay the blame on the university for not encrypting an area that should have been encrypted.
When I said above that a hack was the online equivalent of breaking and entering, this data breach was more like a person walking through a public area of a government building, picking up brochures. Only, someone made a mistake and put confidential info into the brochure racks. The person who got the information wasn't necessarily acting nefariously- they collected random info that they were told was available for them to collect. But that info shouldn't have been in that rack for them to collect.
References:
Wang, Stephanie. "Data Breach at Indiana U May Have Exposed Student SSNs." USA Today. Gannett, 26 Feb. 2014. Web. 12 Oct. 2015. <http://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/>.
No comments:
Post a Comment