George Mason University recently notified 4,400 people that personal information stored in a Travel Request Applications database could have been accessed due to a malware intrusion. Forensic examination of the server did not find any evidence of access to the data or exfiltration, but could not conclusively rule out the possibility.
The intrusion was discovered on July 16.
The notification letter, signed by S. David Wu, Provost and Executive Vice President of Academic Affairs, and Jennifer Wagner Davis, Senior Vice President, Administration and Finance, did not indicate what kinds of personal information were involved.
Those notified were offered free credit monitoring services with Experian ProtectMyID.
I was finally able to reach George Mason regarding this breach. Those travel files contained Social Security Numbers for 4,400 individuals most of whom were employees. Only a few students involved. In years past, the university’s travel reimbursement forms had a space to enter SSNs and evidently folks did so. That form has been updated to remove the SSN box but the investigation revealed files on the server containing older documents with the vital data.
Makes you wonder if the entire nation shouldn’t start a push back protest. When asked for your SSN at the doctor’s office or on minor forms like a travel reimbursement form, write in “Ha, Ha, NO.” I did so at a medical appointment two weeks ago and the receptionist agreed it was stupid to even request SSNs. Said she wouldn’t provide hers either so WHY do businesses keep asking for this info??
I stopped providing my SSN to doctors’ offices/hospitals years ago, and if they dare to repeat the request verbally, I tell them: (1) you don’t need it, (2) I’m not giving it to you, (3) move on.