[Vision2020] University of Idaho Security Breach

J Ford privatejf32 at hotmail.com
Sat Mar 10 12:25:24 PST 2007 

Question:  With all the other problems, financial and otherwise, that the UI 
is facing, doesn't this just put another nail in the lid of the coffin of 
"Let's Move The UI To Boise"?  I mean, doesn't this just prove that the 
people in the Moscow Offices are simply not capable of running a higher 
education institution securely and with any kind of assurance of privacy or 
financial responsibility for both the students and the employees?

If I were a parent of children considering entering this school, I would 
seriously think twice about doing so after the last couple of years' worth 
of mis-steps.  And sorry, but the crap HAS to begin falling from the top as 
ultimately, Dr. White is absolutely the one in charge.

J  :]





>From: "Saundra Lund" <sslund at roadrunner.com>
>To: "'Debbie Gray'" <graylex at yahoo.com>, "'Tom Hansen'" 
><idahotom at hotmail.com>,        "'vision2020'" <vision2020 at moscow.com>,      
>   "'Rose & Don Huskey'" <donaldrose at cpcinternet.com>
>Subject: Re: [Vision2020] University of Idaho Security Breach
>Date: Sat, 10 Mar 2007 11:54:07 -0800
>
>Hi Debbie & Other Visionaires:
>
>For arguments sake, I'd like to leave Tim White out of my comments because
>he's not my boss  <g>.  Too, it seems to me (and I could be wrong) the
>reality of incredibly lax data security within the UI existed long before
>Tim White took the helm.  Perhaps data security was a non-issue for him in
>his previous positions because those places had excellent policies in 
>place,
>so it wasn't something he'd ever really thought about.
>
>In any case, I don't think any reasonable person would argue against the
>obvious fact that this is a huge problem the UI -- and Tim White -- needs 
>to
>get deadly serious about *now.*  Whatever other problems the UI may have 
>and
>whatever other strikes the UI may have against it when potential employees
>and students are evaluating employment and/or educational opportunities,
>that last thing it needs heaped on is a reputation of
>***repeatedly***putting its thousands of employees, students, and donors at
>grave financial risk due to these kind of serious -- and at this point
>inexcusable -- security breaches.
>
>You wrote:
>". . . but I also receive these kinds of letters from huge financial places
>like Citibank and Chase (or have they merged into the same uni-bank?). I
>hadn't thought to post them online here"
>
>I don't mean to be flip, but what's your point?  That it's happened
>elsewhere somehow minimizes the importance of it happening time and again
>here at Latah County's largest employer and Idaho's flagship institution of
>higher learning to UI employees and students?
>
>Somehow, it doesn't comfort me at *all* to know it's happened elsewhere --
>this is *not* one of those times when I think it's helpful at all for 
>Moscow
>or the UI to make the news  :-(
>
>And, just because it's happened elsewhere doesn't make it OK that it's
>happened at the UI at least three times in the last year  :-(
>
>Further, I've read the UI drivel (sorry, but that's MHO) about this
>happening other places, too, but the *reality* is that there are thousands
>of educational institutions where this *hasn't* happened even once, let
>alone time after time after sorry time  :-(
>
>Our family has its financial dealings with several different companies, and
>we've not had our information compromised from them -- I'm sorry it's
>happened to you  :-(  Two of the things I research when deciding who to do
>business with is privacy and security policies.  It does me no good to take
>all the personal precautions I've taken for years to safeguard our personal
>data when these kinds of breaches have become ho-hum at the UI.
>
>My hope for you is that Citibank or Chase (or whatever company it was) took
>that breach seriously and has heightened security so that it will *never*
>happen again.
>
>Unfortunately, that's clearly not what's happened yet at the UI in spite of
>repeated breaches and the warning being sounded for years  :-(
>
>Of course, breaches of these type wouldn't be so chilling and dangerous if
>federal and state legislators would get off their arses and get some
>meaningful legislation passed.  Not surprisingly, I suppose, Idaho
>legislators seem to be ignoring the threat of identity theft, one of the
>fastest growing financial crimes -- something like 10 *million* Americans
>become victims *each* year.
>
>For those interested in learning more about what you can do to protect
>yourself from identity theft, you might want to check out this free report
>from Consumer Reports:
>http://tinyurl.com/ys9akk
>
>And, I cannot strongly enough urge each of us to contact our legislators to
>demand that they get busy passing a state security freeze law.  For those
>who missed it when I posted it previously, here's an easy way to let your
>voice be heard on this issue:
>http://tinyurl.com/ynw87h
>The rest of the site has some great information as well, so I encourage
>folks to take some time to explore the site and further educate themselves.
>
>Personally, I'd like to see a silver lining come from this cloud of UI data
>INsecurity.  If we are able to use the security breaches to motivate our
>legislators to strengthen protections -- something that's LONG overdue --
>then at least something good that will benefit all Idaho citizens will be
>the result.
>
>
>JMHO,
>Saundra Lund
>Moscow, ID
>
>The only thing necessary for the triumph of evil is for good people to do
>nothing.
>- Edmund Burke
>
>***** Original material contained herein is Copyright 2006, Saundra Lund.
>Do not copy, forward, excerpt, or reproduce outside the Vision 2020 forum
>without the express written permission of the author.*****
>
>-----Original Message-----
>From: vision2020-bounces at moscow.com [mailto:vision2020-bounces at moscow.com]
>On Behalf Of Debbie Gray
>Sent: Saturday, March 10, 2007 9:16 AM
>To: Tom Hansen; vision2020
>Subject: Re: [Vision2020] University of Idaho Security Breach
>
>Tom, what sort of continuous embarassments do you
>refer to? It's easy for you to attack a big target it
>seems. I think he has brought a stabilizing presence
>to our campus and has been pretty progressive in a lot
>of his initiatives.
>
>I did receive one of these letters and agree that it
>was an odd way to handle it (no news releases that i
>heard of, semi-helpful webpage) but I also receive
>these kinds of letters from huge financial places like
>Citibank and Chase (or have they merged into the same
>uni-bank?). I hadn't thought to post them online here
>=)
>
>I am curious what exactly you dislike about Tim White
>and his work at the UI? And why?
>
>Debbie Gray
>
>--- Tom Hansen <idahotom at hotmail.com> wrote:
>
> > My sentiments exactly, Rose.
> >
> > I strongly believe that the University of Idaho is
> > due for a major
> > administrative overhaul (including employment
> > terminations), starting at the
> > UI President's office and proceeding door-to-door in
> > the administration
> > building.
> >
> > UI President White's "regime" has been nothing short
> > of a continuous source
> > of embarrasments and excuses since its inception.
> > Perhaps we should change
> > a few office nameplates.
> >
> > Tom Hansen
> > Moscow, Idaho
> > UI '96
> >
> >
> > >From: "donald huskey" <donaldrose at cpcinternet.com>
> > >To: <vision2020 at moscow.com>
> > >Subject: [Vision2020] University of Idaho Security
> > Breach
> > >Date: Fri, 9 Mar 2007 22:45:00 -0800
> > >
> > >Visionaries:
> > >
> > >
> > >
> > >"In February 2007, a file containing data
> > downloaded from Banner by an
> > >authorized user for legitimate University research
> > purposes was posted to
> > >the University of Idaho Web site, where it was
> > accessed from within and
> > >outside of the University. The file was removed
> > from the Web site by the
> > >university's Information Technology Services office
> > immediately upon
> > >discovery, 19 days after posting. The data in the
> > file included personal
> > >information for University employees, including
> > name, birth date, employee
> > >i.d. number and Social Security number. The file
> > did not include any
> > >personal financial account numbers. "
> > >
> >
> >http://www.vandalidentity.net/default.aspx?pid=97037
> > >
> > >
> > >
> > >Approximately 2300 records of UI employees were
> > involved in the security
> > >breach described above.  The link provided offers
> > further information.
> > >
> > >
> > >
> > >It is reprehensible that no apology has been issued
> > by the University,
> > >that
> > >President Tim White failed to mention this very
> > significant issue in his
> > >Friday letter,  and that the timing of the
> > announcement and notification to
> > >employees was the Friday afternoon prior to  Spring
> > break.
> > >
> > >
> > >
> > >The administrative credibility of the University of
> > Idaho is plummeting  to
> > >a new low with this latest egregious blunder.
> > >
> > >
> > >
> > >Rose Huskey
>
>
>=======================================================
>  List services made available by First Step Internet,
>  serving the communities of the Palouse since 1994.
>                http://www.fsr.net
>           mailto:Vision2020 at moscow.com
>=======================================================

_________________________________________________________________
Get a FREE Web site, company branded e-mail and more from Microsoft Office 
Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/

More information about the Vision2020 mailing list