A surprising amount and range of confidential information was compromised at Pamlico Community College as the result of the hacking of its system. Reportedly, a single hacker was able to crack the password of a patron and infiltrate the database of library patrons, who may or may not have had their social security and driver's license numbers stored on the library's systems. 51,000 library patrons from 25 community colleges will be notified of the attack and the possibility that their information was compromised. In the notification letters, individuals will be notified as to whether or not their SSN or license numbers were stored on the system, and therefore possibly compromised.
As stated, the hacker decoded a patron's account to hack the system. After doing this, it sounds as though he was easily able to infiltrate the system further, accessing the information of other patrons. This is likely evidence of a weak encryption system at the library.
In reflecting on how this situation could have been prevented, one question stands out in my mind - why did a library have such confidential information on its patrons? The library has now stated that it has removed such information from its systems, proving that it was not serving any particular purpose there in the first place. In examining one's systems, an organization should be sure that it is not holding unnecessary information on its clients; this is an easy step in ensuring that it can not be compromised. In addition to this, the library should strengthen general information security as it appears the hacker had no trouble delving into their system.
Source:
http://www.enctoday.com/news/college-50645-nbsj-security-library.html
Saturday, December 19, 2009
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment