[Vision2020] University of Idaho Security Breach

Saundra Lund sslund at roadrunner.com
Sat Mar 10 12:51:15 PST 2007 

That's right, heirdog Doug Farris:  just keep right on being a part of the
problem rather being a part of the solution because that's what you're
really good at.

Visionaires, please accept my sincere apology that the mere vision of my
name here drew Farris out of his cave to subject us all to more of his too
clever by half childish crowing.


Saundra Lund
Moscow, ID

The only thing necessary for the triumph of evil is for good people to do
nothing.
- Edmund Burke

***** Original material contained herein is Copyright 2007 through life plus
70 years, Saundra Lund.  Do not copy, forward, excerpt, or reproduce outside
the Vision 2020 forum without the express written permission of the
author.*****

-----Original Message-----
From: heirdoug at netscape.net [mailto:heirdoug at netscape.net] 
Sent: Saturday, March 10, 2007 12:22 PM
To: sslund at roadrunner.com; vision2020 at moscow.com
Subject: [Vision2020] University of Idaho Security Breach

I wasn't going to chime in on this subject but Saundra's comments cause 
me to muse.

First off I guess Saundra's husband no longer gets a paycheck from the 
UoI therefore Tim White is no longer his boss either.

Second, Saundra hits the nail on the head. What we need is not a 
solution but more government involvement and oversight and laws via 
greater legeslation. So y'all call your rep.

And third. Saundra you need to change your Copyright date in your 
signature. It's now well into 2007. My how time flies.

-----Original Message-----
From: vision2020-bounces at moscow.com [mailto:vision2020-bounces at moscow.com]
On Behalf Of Saundra Lund
Sent: Saturday, March 10, 2007 11:54 AM
To: 'Debbie Gray'; 'Tom Hansen'; 'vision2020'; 'Rose & Don Huskey'
Subject: Re: [Vision2020] University of Idaho Security Breach

Hi Debbie & Other Visionaires:

For arguments sake, I'd like to leave Tim White out of my comments because
he's not my boss  <g>.  Too, it seems to me (and I could be wrong) the
reality of incredibly lax data security within the UI existed long before
Tim White took the helm.  Perhaps data security was a non-issue for him in
his previous positions because those places had excellent policies in place,
so it wasn't something he'd ever really thought about.

In any case, I don't think any reasonable person would argue against the
obvious fact that this is a huge problem the UI -- and Tim White -- needs to
get deadly serious about *now.*  Whatever other problems the UI may have and
whatever other strikes the UI may have against it when potential employees
and students are evaluating employment and/or educational opportunities,
that last thing it needs heaped on is a reputation of
***repeatedly***putting its thousands of employees, students, and donors at
grave financial risk due to these kind of serious -- and at this point
inexcusable -- security breaches.

You wrote:
". . . but I also receive these kinds of letters from huge financial places
like Citibank and Chase (or have they merged into the same uni-bank?). I
hadn't thought to post them online here"

I don't mean to be flip, but what's your point?  That it's happened
elsewhere somehow minimizes the importance of it happening time and again
here at Latah County's largest employer and Idaho's flagship institution of
higher learning to UI employees and students?

Somehow, it doesn't comfort me at *all* to know it's happened elsewhere --
this is *not* one of those times when I think it's helpful at all for Moscow
or the UI to make the news  :-(

And, just because it's happened elsewhere doesn't make it OK that it's
happened at the UI at least three times in the last year  :-(

Further, I've read the UI drivel (sorry, but that's MHO) about this
happening other places, too, but the *reality* is that there are thousands
of educational institutions where this *hasn't* happened even once, let
alone time after time after sorry time  :-(

Our family has its financial dealings with several different companies, and
we've not had our information compromised from them -- I'm sorry it's
happened to you  :-(  Two of the things I research when deciding who to do
business with is privacy and security policies.  It does me no good to take
all the personal precautions I've taken for years to safeguard our personal
data when these kinds of breaches have become ho-hum at the UI.

My hope for you is that Citibank or Chase (or whatever company it was) took
that breach seriously and has heightened security so that it will *never*
happen again.

Unfortunately, that's clearly not what's happened yet at the UI in spite of
repeated breaches and the warning being sounded for years  :-(

Of course, breaches of these type wouldn't be so chilling and dangerous if
federal and state legislators would get off their arses and get some
meaningful legislation passed.  Not surprisingly, I suppose, Idaho
legislators seem to be ignoring the threat of identity theft, one of the
fastest growing financial crimes -- something like 10 *million* Americans
become victims *each* year.

For those interested in learning more about what you can do to protect
yourself from identity theft, you might want to check out this free report
from Consumer Reports:
http://tinyurl.com/ys9akk

And, I cannot strongly enough urge each of us to contact our legislators to
demand that they get busy passing a state security freeze law.  For those
who missed it when I posted it previously, here's an easy way to let your
voice be heard on this issue:
http://tinyurl.com/ynw87h
The rest of the site has some great information as well, so I encourage
folks to take some time to explore the site and further educate themselves.

Personally, I'd like to see a silver lining come from this cloud of UI data
INsecurity.  If we are able to use the security breaches to motivate our
legislators to strengthen protections -- something that's LONG overdue --
then at least something good that will benefit all Idaho citizens will be
the result.


JMHO,
Saundra Lund
Moscow, ID

The only thing necessary for the triumph of evil is for good people to do
nothing.
- Edmund Burke

***** Original material contained herein is Copyright 2006, Saundra Lund.
Do not copy, forward, excerpt, or reproduce outside the Vision 2020 forum
without the express written permission of the author.*****

-----Original Message-----
From: vision2020-bounces at moscow.com [mailto:vision2020-bounces at moscow.com]
On Behalf Of Debbie Gray
Sent: Saturday, March 10, 2007 9:16 AM
To: Tom Hansen; vision2020
Subject: Re: [Vision2020] University of Idaho Security Breach

Tom, what sort of continuous embarassments do you
refer to? It's easy for you to attack a big target it
seems. I think he has brought a stabilizing presence
to our campus and has been pretty progressive in a lot
of his initiatives. 

I did receive one of these letters and agree that it
was an odd way to handle it (no news releases that i
heard of, semi-helpful webpage) but I also receive
these kinds of letters from huge financial places like
Citibank and Chase (or have they merged into the same
uni-bank?). I hadn't thought to post them online here
=)

I am curious what exactly you dislike about Tim White
and his work at the UI? And why?

Debbie Gray

--- Tom Hansen <idahotom at hotmail.com> wrote:

> My sentiments exactly, Rose.
> 
> I strongly believe that the University of Idaho is
> due for a major 
> administrative overhaul (including employment
> terminations), starting at the 
> UI President's office and proceeding door-to-door in
> the administration 
> building.
> 
> UI President White's "regime" has been nothing short
> of a continuous source 
> of embarrasments and excuses since its inception. 
> Perhaps we should change 
> a few office nameplates.
> 
> Tom Hansen
> Moscow, Idaho
> UI '96
> 
> 
> >From: "donald huskey" <donaldrose at cpcinternet.com>
> >To: <vision2020 at moscow.com>
> >Subject: [Vision2020] University of Idaho Security
> Breach
> >Date: Fri, 9 Mar 2007 22:45:00 -0800
> >
> >Visionaries:
> >
> >
> >
> >"In February 2007, a file containing data
> downloaded from Banner by an
> >authorized user for legitimate University research
> purposes was posted to
> >the University of Idaho Web site, where it was
> accessed from within and
> >outside of the University. The file was removed
> from the Web site by the
> >university's Information Technology Services office
> immediately upon
> >discovery, 19 days after posting. The data in the
> file included personal
> >information for University employees, including
> name, birth date, employee
> >i.d. number and Social Security number. The file
> did not include any
> >personal financial account numbers. "
> >
>
>http://www.vandalidentity.net/default.aspx?pid=97037
> >
> >
> >
> >Approximately 2300 records of UI employees were
> involved in the security
> >breach described above.  The link provided offers
> further information.
> >
> >
> >
> >It is reprehensible that no apology has been issued
> by the University,  
> >that
> >President Tim White failed to mention this very
> significant issue in his
> >Friday letter,  and that the timing of the
> announcement and notification to
> >employees was the Friday afternoon prior to  Spring
> break.
> >
> >
> >
> >The administrative credibility of the University of
> Idaho is plummeting  to
> >a new low with this latest egregious blunder.
> >
> >
> >
> >Rose Huskey

More information about the Vision2020 mailing list