Yale confirms 10-month-long data breach

Names and Social Security numbers of some 43,000 people that were affiliated with Yale University back in 1999 have been accessible to users of the Google search engine for the past ten months, reports the Yale Daily News.

It is not known whether the data was accessed or harvested by third parties while it was available, and Yale hasn’t revealed how they spotted the breach.

What is known is that the data was accessible because it was stored on an FTP server, so when Google set up its crawlers to detect and index FTP servers back in September 2010 – and the University IT team failed to get the memo – the server in question and the data on it were indexed and made available for anyone using the company’s search engine.

After detecting the breach in June, the IT team took the server offline and deleted the file containing the data from it. Then, they searched it for similar sensitive files.

Yale Information Technology Services Director Len Peters said that it is unlikely that the file was downloaded by anyone, since both the file and the directory in which the file was located had very inconspicuous names.

The file didn’t contain any financial information, dates of birth and addresses but, just in case, Yale has offered to the staff, faculty, students and alumni whose personal data might have been compromised two years of free credit monitoring and identity theft insurance.