Seth Boster reports:
Jacksonville State University officials learned Tuesday of a website that allows users to search for students’ personal information, including photos, addresses and phone numbers, all apparently stolen from JSU’s own database.
The site allows visitors to search using students’ names to find photographs along with birthdates, student ID numbers, fraternity and sorority affiliation and other information. Information for some former students, faculty and staff is also on the site.
Read more on The Anniston Star.
Following concerns raised on Twitter, the site has now redacted street addresses, but the database can be searched by entering just a single letter. For example, entering “A” returns 150 results that include date of birth, picture, and student ID number, as well as email address.
The site’s maintainer(s) posted the following message on a paste site:
The website is intended to be a safe yet intriguing lesson to universities and other academic institutions to value their students’ personal information. We live in an age where records that were once on paper protected by security guards are now digitized protected by nothing.
The sad truth is college aged students are very susceptible to identity theft: they post every detail of their life online and are just beginning to understand financial security.
I believe among the responsibilities of any organization that one belongs to is the protection of their subjects’ personal information. Jacksonville State University among others have failed to honor this responsibility.
You know what’s scarier than your address and phone number being released on a website? Not knowing that your SSN, credit card, and account numbers are being silently collected every day by cybercrime organizations.
In lieu of similar compromises our academic institutions will hopefully adapt from this misfortune.