LDAP Configuration Error Puts Social Security Numbers At Risk

By Adam Dodge - Posted on January 20th, 2009

Quick Facts

Date: 1/20/2009
Institution: University of Florida
Type of Incident: Unauthorized Disclosure
Number Affected: 101
Source: ESI
source: University of Florida Privacy Office

Abstract
The University of Florida announced that it has discovered a error in its LDAP system that potentially exposed private information. The error allowed outside access to the LDAP directory which contained Social Security numbers, used as student identifiers prior to 2003. An investigation into the error discovered the outside access was enabled an accident four months ago. The investigation did find queries that could have returned the user IDs and Social security numbers of 101 individuals. UF staff immediately remove the Social Security numbers from the LDAP directory. The University of Florida has also set up a web site - privacy.ufl.edu/incidents/2009/ldap/answers.html - with more information on the incident.

Printer-friendly version

Monthly Archives

Syndicate

Not a fan of RSS, but still want to know when new incidents appear on ESI? Subscribe to e-mail alerts, powered by FeedBurner

Let Us Know

Know of an incident not listed here? Find a mistake in one of the incidents? Have a comment or recommendation for the editors? Let us know by using the Contact Us form.

Educational Security Incidents (ESI)

Sometimes the free flow of information is unintentional