back to article Who are the last people you'd expect to spill thousands of student records? A computer science dept? What a fantastic guess

An errant email leaked academic information on every student at the Cal Poly Pomona College of Science, in California. University publication Poly Post reports that it was, of all people, the American school's computer science department that was to blame for the exposure of 4,557 active student records in an email that got …

  1. Anonymous Coward
    Anonymous Coward

    Double check?

    Heck, I sometimes get to triple and beyond...

  2. Yet Another Anonymous coward Silver badge

    Confidential?

    In my day your degree marks were nailed up in the town square for anyone to read (and in those days many graduates could read!)

    1. DougS Silver badge

      Re: Confidential?

      In my day your test scores and grades were on a bulletin board outside the professor's office, but your name wasn't attached to it. Instead they used your student ID - which back then was your SSN!

      Would have been pretty easy to steal the SSNs of people in class by:

      1) if one person is known to be way smarter or way dumber than everyone else, look for the highest/lowest score

      2) just hang around the bulletin board and watch people - about half of them will run their finger down the list of SSNs until they reach theirs and trace across. If you know their name, now you know their SSN.

      If only scam artists knew how valuable someone's SSNs would be some day, they could have compiled lists of them back in their college days. As a bonus you'd know that everyone on your list is a college graduate, or more.

      1. Nick Ryan Silver badge
        Stop

        Re: Confidential?

        It still baffles me with the utter, and persistent, stupidity around SSNs. They are not secret and never have been. Pretending that they are and using them as if they are takes stupid to a new level.

        1. Anne-Lise Pasch

          Re: Confidential?

          So, if I link a person to a unique identifier, and then attach other personal data to it, its not a privacy concern? I must be stupid.

        2. Carpet Deal 'em
          Facepalm

          Re: Confidential?

          It's true Social Security numbers were never meant to be private, but having one now means you can access pretty much anything about the owner's life and the ability to attach their name to nearly anything you please. With absolutely no authorization mechanism in place, the only thing to do is to keep the SSN secret.

    2. BebopWeBop Silver badge
      Trollface

      Re: Confidential?

      In my day, they nailed up some of the silly buggers on the church doors to add colour (and sound) to the celebrations.

    3. LucreLout Silver badge

      Re: Confidential?

      In my day your degree marks were nailed up in the town square for anyone to read (and in those days many graduates could read!)

      Mine too - only they were sorted by grade and then alphabetical order of name, so you started at the top and gradually got a sinking feeling all the way down. If you got to the bottom before starting celebrating, then you weren't going to be graduating that year.

      While I can appreciate it may have been embarrassing for those in the final segment, those leaving without a degree, there were never any suprises as to whose name you'd find listed.

  3. brotherelf

    Why …

    would anybody assume administrative staff in IT/Eng departments is different at all from admin staff in other departments? (Ok, they're battle-hardened by having people nearby who think they're their boss and think they're competent in IT matters because they have a comp.sci. degree.)

    1. hoola

      Re: Why …

      And why does a recipient of this mistake also believe that the correct thing to do is put it on a public website.

      Responsibility is two way and one would assume that a Computer Science student would understand that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Why …

      Agreed -- this is not a case of the cobbler's children. (And I know of companies flogging security audits whose own IT dep't would fail.)

  4. Alister Silver badge

    you have to wonder why sensitive data was stored in a spreadsheet in the first place

    Well I don't find it particularly surprising, whether it's correct or not is another matter, but collating and storing student's marks in a spreadsheet doesn't sound wildly improbable, and it's a bit of a stretch to consider that information "sensitive". As noted above, it used to be common for student grades to be posted on a noticeboard for all to see.

    1. Anonymous Coward
      Anonymous Coward

      Well, at my uni, the marks were identified only by student number, which was fairly anonymous.

      1. Anonymous Coward
        Anonymous Coward

        I guess when employers ask you what degree you got you tell them it's private and confidential.

  5. Anonymous Coward
    Anonymous Coward

    Something similar happened to me at work

    I once got to be copied on an e-mail from my PHB to their PA telling them to add me to a new pay grade group and, attached, was an Excel sheet with the actual pay of everyone on that group.... whooopsie?

  6. BebopWeBop Silver badge
    Headmaster

    email recall

    Does anyone actually think this works - or have they a rather more interesting mail system than the rest of us?

    1. Nick Ryan Silver badge

      Re: email recall

      It works as long as everything is internal and online within Microsoft Exchange Server. And if the current phase of the moon is in your favour.

  7. N2 Silver badge
    Thumb Up

    Take Environmental Science

    For the best chance of getting a girlfriend - according to one Reddit reader

  8. Anonymous Coward
    Anonymous Coward

    lame choice

    "at least one of the students who received the email was able to save the information and post it"

    and that/those student(s) just found themselves on the FBI watch list - as a bad apple, for the rest of their lives. It's a good bet if they think nothing of sharing other peoples data, it is just who they are - lame.

    1. hmv

      Re: lame choice

      Perhaps.

      But the student didn't just post the information; they summarised it as an infographic and explicitly pointed out that they won't be releasing the spreadsheet, and won't be answering questions that would lead to a leak of information regarding individuals.

  9. red floyd

    Everything old is new again...

    Back in the mid-80s, when I was at a university, one of the professors in the Computer Science department did his grades on the departmental VAX running BSD. Unfortunately for him, he left the permissions at world-readable.

    There was a minor scandal, as some student read the grades and started talking about them.

    The amusing part of this was that the professor was teaching the Operating Systems class, and had LITERALLY just completed the *SECURITY* portion of the curriculum...

  10. Ian Johnston Silver badge

    The data included a racial categorisation for each student. Apartheid Seth Effrica rang. They want their system back.

  11. elwe

    In my day we just read all the faculty members passwords from the unsecured files they had asked various apps to save them to. Not a one of them had any grasp of security, even though they were supposed to be teaching it.

    1. Nick Ryan Silver badge

      Security always happens elsewhere. As long as you don't know where to look for insecurity then a system is secure.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019