Net Net: Promoting innovation and managing change
Net Net: Promoting innovation and managing change

Yale Security Breach Reveals Data About Students and Staff

Yale University recently sent letters to alumni, faculty and staff informing them that the names and Social Security numbers of 43,000 people affiliated with Yale have been available to Google search engine users for the past 10 months.

"A Yale computer file that contained your name and Social Security number was stored for 10 months in a way that left it accessible to Google Internet searches," the letter explained. "The computer file was created in 1999 and was inadvertently moved to an insecure section of a computer server in July 2005. At that point, the file was no longer fully protected but could not be located by an ordinary Internet search engine. The situation changed in September 2010, when Google modified its search engine in a way that allowed it to locate files stored on servers like the one holding this file."

The letter came from Yale's Information Technology Services Director Len Peters. It offers those whose information was made available two years of free identity theft insurance.

"We have no indication that your information has been misused," the letter read.

Yale says it discovered the problem on June 30. The letters were dated August 10th.

"As soon as Yale learned of the problem, the file was removed from the Yale computer and Google removed it from its search engine. We have confirmed that this file is no longer accessible through Google .

Based on our research, there is no evidence that other major search engines, including Yahoo and Bing , could or did locate the file, and, therefore, the Yale information never would have been displayed in any of their search returns," Peters writes.

It's not clear why the information was stored in any publicly accessible files. The Yale Daily News reports that the data was stored on an file transfer protocol server whose only security was that they had innocuous names.

Yale could not immediately be reached for comment.

Questions? Comments? Email us at

Follow John on Twitter @

Follow NetNet on Twitter @

Facebook us @