Security and privacy: University breach, student info, Tinder app, nursing-home data

Security and privacy, they’ve got some real issues:

• Add University of Maryland to the growing list of universities that have been hacked in the past few years. Stolen in a reportedly sophisticated cyberattack: 300,00-plus records — names, Social Security numbers, birthdates and school ID numbers — for any students, faculty and staff who have been issued a university ID since 1998. How might this information be useful to hackers? If you remember being bombarded with credit-card offers while in college, there’s one use: accounts opened in someone else’s name.

• Speaking of schools, California Sen. Darrell Steinberg, D–Sacramento, is today introducing the Student Online Personal Information Protection Act (SOPIPA). It would strengthen privacy and security protections around the information collected about students from grades K to 12 by companies that provide education-related online services. Some of these companies collect a little too much information, such as the number of rooms in students’ homes and how many parents students live with, according to Steinberg’s press release today. Among other things, SOPIPA would prohibit the use of student information for commercial purposes and would require that data be encrypted. If enacted, it could change the business of apps makers and others in the education-technology industry.

• All they wanted to do was hook up with people in roughly the same vicinity, but they probably didn’t count on having their exact locations (to within about 100 feet) exposed.  Users of mobile dating app Tinder were vulnerable to the app’s security flaw for months, according to Bloomberg Businessweek. Security researchers said they informed Tinder of the vulnerability in October, but that the issue wasn’t fixed until right before the start of the year. A company representative disputes that, saying the problem was fixed within 48 hours.

• Finally, amid the push to digitize medical records, here’s more on how hackers are increasingly posing a threat to the health-care industry, as our own Steve Johnson wrote. An example: The Wall Street Journal reported that researchers found a free file-sharing website containing documents that could give hackers access to health-care providers’ medical records and payment information. The information exposed included passwords to network firewalls and more. San Mateo-based Norse was one of the cybersecurity companies that discovered the documents on; it’s unknown whether the exposed information led to stolen personal information.


Photo illustration from MCT archives


Tags: , , , , , , , , , , , ,


Share this Post

  • Miranda

    Were any of these companies using a two-factor authentication solution??