Errors involving spread sheets continue to contribute to breaches. Consider this description in a notification from San Bernardino Community College District – Crafton Hills College Campus. The breach occurred on October 25:
What Happened
We recently learned that a District employee inadvertently sent a spreadsheet containing certain individuals’ information to a community college distribution list. Although the spreadsheet was sent to a known group of individuals and related to certain program information, there was additional information contained in the spreadsheet that was not intended for broader distribution.
What Information Was Involved
The information stored in the spreadsheet varies by individual, but may include first and last name, address, date of birth, Social Security number, and certain course-related information.[…]
This incident does not involve any unauthorized access to or use of any of San Bernardino Community College District’s internal computer systems or network and, as outlined above, this information was sent to a community college distribution list. Please note that we are not aware of any fraud or misuse of your information as a result of this incident.
It’s not clear from the sample notice whether this was a case of hidden fields in the spread sheet or if the employee just didn’t really pay attention to all the fields with additional information. Either way, it’s yet another breach that might have been easily avoided but will now cost the college to investigate and mitigate.