Archive for the ‘Hawaii’ Category

University of Hawaii Receives F for Poor Data and Identity Protection Practices

Wednesday, November 17th, 2010

FOR IMMEDIATE RELEASE
Media Contact: Aaron Titus
(301) 630-3430
(202) 669-2969

WASHINGTON, D.C. The Liberty Coalition today issued Part 1 of a report on the breaches of personal information in the State of Hawaii. The report was written at the request of Hawaii State Senator Mike Gabbard, and analyzes the underlying causes of all documented Hawaii breaches, since 2005. The precipitating event leading to the report was the recent University of Hawaii Breach affecting more than 40,000 alumni.

Key findings of the 6,000-word report include:

  • Since 2005, at least 479,000 Hawaii records have been breached: Almost one for every three residents.
  • The University of Hawaii is responsible for 54% of all breaches in Hawaii (259,000 records); more than all other Hawaii organizations combined.
  • As the single biggest contributor to Hawaii data breaches, the University of Hawaii has a pattern of breaches and unfulfilled promises.
  • The Liberty Coalition gives the University of Hawaii an “F” for Privacy and Data Security
  • Neither business nor academic organizations have adequate market incentives to keep personal information secure.
  • Breach notifications are vague and fail to empower victims. Victims cannot know which breach caused identity fraud, cannot hold organizations accountable, or protect themselves.
  • After a brief rest from breaches in 2008, Hawaii is experiencing another spike in reported breaches.
  • Hawaii breach notification law implies that corporations can “own” personal information. This notion has no basis in intellectual property law and is dangerous

Part 2 of the report will outline legislative solutions to the problems identified in this report. Part 2 will be issued in the coming weeks or months.

The Liberty Coalition will hold a press conference on Thursday, November 18th at 11:00am HST/ 4:00pm EDT to summarize the report and field questions about the report from the press and members of the public who have been affected by a breach.
Dial: (610) 214-0200
Conference Code: 863597#

-Aaron Titus
Information Privacy Director
Liberty Coalition
(202) 669-2969
www.nationalidwatch.org
wiki.privacycommons.org
www.libertycoalition.net
Twitter: @aarontitus

For anyone who wants to take concrete steps to help protect their identity, one thing you can do is to check your credit score and/or have it monitored to ensure you know exactly what’s going on. For those that have been affected by this or any other potential identity theft, keeping tabs on your credit report is one of the absolute best steps you can take as identity theft crooks usually start by applying for new identification cards or credit cards.

If you would like,there are free credit reports, scores along with credit monitoring services being offered by FreeCreditReport.com. Just be careful and make sure you know exactly what you’re getting or signing up for.

Technorati Tags: , , ,

Tags: , , ,
Posted in Hawaii, Identity Theft and Protection | 1 Comment »

University of Hawaii at Manoa Addresses Data Breach of 40,000 Former Students

Tuesday, November 2nd, 2010

Liberty Coalition Reaches Out to Victims of UH Breach: Wednesday Conference Call
FOR IMMEDIATE RELEASE: Nov. 1, 2010
Media Contact: Aaron Titus
(202) 669-2969 (cell)
aaron@nationalidwatch.org

As a part of its ongoing support to the more than 40,000 University of Hawaii alumni affected by the recent breach of personal information, the Liberty Coalition will hold a conference call for the press, UH Alumni, and the security community on Wednesday, November 3, 2010 at 10:30 AM HST/ 4:30 PM EST. Liberty Coalition Privacy Director Aaron Titus will explain the details of the investigation, and answer questions from the press, alumni and members of the security community . Representatives from the University of Hawaii were also invited to participate on the call.

The Liberty Coalition has already fielded dozens of questions from concerned alumni, which will be addressed at the press conference (to the extent possible), including:

• What new risks do victims face? Could this breach affect existing credit cards?
• Why has the name of the faculty member been withheld?
• “…if the university knew about this since mid-October… why only tell everyone now?”
• Why did the faculty member take the personal information home?
• Who authorized the faculty member to have access to SSNs?
• Why didn’t the university get permission from alumni before using their personal information for a study?
• Will UH pay for credit monitoring?
• Who is going to get fired over this? What legal consequences will UH face over this breach?
• What will UH do to make sure this kind of breach won’t happen again?

The call will be recorded and posted at nationalidwatch.org. More information is available at nationalidwatch.org.

-Aaron Titus
Information Privacy Director
Liberty Coalition
www.nationalidwatch.org
wiki.privacycommons.org
www.libertycoalition.net
Twitter: @aarontitus

If you would like, credit reports and scores along with credit monitoring services are being offered by EquiFax and FreeCreditReport.com. Be sure you know exactly what you are signing up for before you hit any order buttons.

Technorati Tags: , , , , , ,

Tags: , , , , , ,
Posted in Hawaii, Identity Theft and Protection | 1 Comment »

Massive Data Breach at University of Hawaii Involves 40,000 Former Students

Friday, October 29th, 2010

Added Nov 9, 2010

As part of a PR push and drive to decrease identity theft, MyFICO.com has allowed us to offer free credit score checking to not only former students, but anyone else who feels the need to ensure their identity is intact. So, if you are a former student of the University of Hawaii, or anyone else, check your credit score and make sure you are not a victim of identity theft. Start at EquiFax.com.

Seems that whenever a breach of personal information occurs whether it’s by a hospital, school, or other institution, the number of people involved is mind-boggling. Recently, it was discovered that that the University of Hawaii had inadvertently posted the social security numbers, grades, and other personal information of 40,000 former students online. Get this…they have been accessible by a simple Google search for the past year. So, if you perchance attended the University of Hawaii, Manoa between 1990 and 1998, then your personal information was available for the world to see.
university of Hawaii accidentally posts sensitive information of 40,000 past students online for the world to see.

Apparently the files were accidently uploaded to an unprotected server by a faculty member conducting a study of the success rate of Manoa. The faculty member had retired in June. My next question is; WHY was it so simple to move around the very personal and sensitive information from 40,000 individuals. WHY does the University not develop a system where sensitive information is replaced with a more generic system of identification? Point is, the kind of information that identity theft crooks are looking for, is treated far too carelessly by the majority of institutions and organizations. That’ s why I personally always think two, three, or four times about entering anything, anywhere.

Of course, when the University found out, they immediately when on a “cover our butts” spree and stated the faculty member did not seem to be acting maliciously. Their spokesman, Ryan Mielke also stated that there didn’t appear to be misuse of the information. Yup, they know exactly who was able to see the data on Google, and exactly who decided to steal it and wreck someone else’s life. To their credit, the University apologize and immediately reported the incident to the FBI and Honolulu police. Plus, they are attempting to notify everyone involved: “We are troubled (and) determined to notify everyone according to law and committed to do everything possible in the future to prevent this from happening,” UH system spokeswoman Tina Shelton said.

However, the most disturbing part of this incident is that this breach is the third major misstep within the University of Hawaii system within the past YEAR. University officials promised to step up their IT security efforts after each breach, but the blunders just keep piling up. The next problem is that the U of H wasn’t even aware of the problem until notified by Aaron Titus of Liberty Coalition on October 18. Google  also cleared their caches late Thursday, the 28th of October some 11 months after the data was uploaded. “During that time, theoretically, anybody with an Internet connection could have had access to it. How likely that is … is anybody’s guess,” said Titus, who discovered the files under a Google search.

Titus also stated: “Of course they don’t have any evidence of misuse, because the bad guys wouldn’t tell them if they had.” M.R.C. Greenwood, the president of the U of H, has met with all the chancellors of the University system that includes 10 campuses. They have set up a call center and website for those who may have been affected. The University is in the process of contacting the affected individuals by postal mail and email. Anyone with questions may call (808) 956-6000 on weekdays between 8:00 a.m. – 4:30 p.m. A webpage with answers to frequently asked questions is also available at:www.uhwo.hawaiii.edu/idalert. Updates will be posted as they become available.

Technorati Tags: , , , , , , , , ,

Tags: , , , , , , , , ,
Posted in Hawaii, Identity Theft and Protection | 1 Comment »