« Previous Post · Next Post »

Hilarious Housing & Dining Social Security Number Mishap

One recent grad forwarded Bwog the following email, which contains some bad news for the unluckiest 5,000 of you. Apparently, housing information that included names and social security numbers was accidentally posted online by a former student employee in February 2007.

Housing & Dining is very sorry, and has even bought you and your probably-stolen social security numbers an apology gift to make it up to you: "As an additional precaution, Columbia has arranged for you to receive a free two-year subscription to a credit monitoring service, Identity Guard CreditProtectX3SM. This service will provide you with a copy of your credit report, monitor your credit files at all three major credit bureaus and notify you of certain suspicious activities that could indicate identity theft."

Full email after the jump.

UPDATE 11:32 PM: One Bwog operative calling himself "Person who's SSN was exposed" has located via Google cache the Excel document that used to contain the SSNs and names in question. According to the aforementioned operative, the Excel document was created apparently in relation to "a HW for CS4733, aka 'Computational Aspects of Robotics.'" Also, the Spec has published the story.

UPDATE 11:11 AM: A Bwog writer and SSN victim just called Student Services and the email is not, in fact, a scam. Sorry folks.

---------- Forwarded message ----------
From: Student Services Assist <studentservices-assist@columbia.edu>
Date: Tue, 10 Jun 2008 19:25:55 -0400
Subject: Important Security Information
To: [redacted]

June 10, 2008

[Home address of recipient redacted]

"Dear [Redacted]:

On June 3, Columbia University's Housing and Dining department was
informed that one archival database file containing the housing
information of approximately 5,000 current and former undergraduate
students was found on a Google-hosted website. Google removed this file,
at our request, that same day.

Columbia Public Safety investigators have concluded that this security
breach was unintentional. No financial data was included in the file in
question, and we have no evidence of wrongdoing or identity theft. It
appears that the file was inadvertently posted by a former student
employee in February 2007. Nevertheless, it is important for you to be
aware that your name and Social Security Number were included in the file.
We are very sorry for this occurrence.

Information security is a serious issue for us, as we know it is for you.
Columbia University is continually strengthening its measures to protect
Social Security Numbers where they are required in our systems. Housing &
Dining manually eliminated Social Security Numbers from its online room
selection process and contracts in April 2007. Further, in spring 2008,
Columbia Housing and Dining implemented a new software system to manage
and improve the housing assignment, contract, and billing processes which
also does not use Social Security Numbers. Unfortunately, this file was
uploaded prior to when these changes were made.

As an additional precaution, Columbia has arranged for you to receive a
free two-year subscription to a credit monitoring service, Identity Guard
CreditProtectX3SM. This service will provide you with a copy of your
credit report, monitor your credit files at all three major credit bureaus
(Equifax, Experian and Trans Union) and notify you of certain suspicious
activities that could indicate identity theft. You will receive additional
information about enrolling in this service in the next week.

If you do not wish to enroll in this service, you may still choose to
activate a fraud alert with the major credit bureaus, or periodically
request a credit report to look for potential irregularities and ensure
that no new accounts have been activated in your name. Each agency has an
automated fraud alert process. If you activate a fraud alert, the agency
you contact will notify the other two agencies so that those agencies also
can place fraud alerts on your accounts. In addition, each agency will
provide you a copy of your credit report at no cost. The contact
information for the credit agencies is as follows:

Equifax - (800) 525-6285 - www.equifax.com
Experian - (888) 397-3742 - www.experian.com
Trans Union - (800) 680-7289 - www.transunion.com

We sincerely apologize for the inconvenience this has caused you. Please
know that we take the protection of your identity seriously. We are
confident that the changes we have made since this file was posted have
made all students and alumni safer.

If you should have any questions or comments, please contact us by calling
1(888) 882-7331 or by emailing studentservices-assist@columbia.edu
(mailto:studentservices-assist@columbia.edu).

Sincerely,


Scott Wright
Vice President
Student Auxiliary & Business Services"

See also: Dining, Housing, Mishaps, Ssn Snafu, Ssnafu

June 10, 2008 @ 8:01 PM · 133 comments · Post a comment · · · Share on Facebook

Posted by Ha... : #1 · reply · track
June 10, 2008 at 8:24 PM (from campus)
Columbia strikes again. Might as well tell us we've all caught meningitis and give us a "Cold Packet" as compensation.
Posted by FREE! : #2 · reply · track
June 10, 2008 at 8:37 PM
I'm all for free stuff. Hopefully I wasn't among the 5,000, though.
Posted by CC'09 : #3 · reply · track
June 10, 2008 at 8:37 PM (from campus)
Why do current students not get a 2 yr subscription to that? Wtf?
Posted by how do we know : #4 · reply · track
June 10, 2008 at 8:39 PM (from campus)
if we were among the 5000?
Posted by hate : #5 · reply · track
June 10, 2008 at 8:43 PM
this school. hate it. You probably know you were among the 5000 if you got an email telling you so:

"Nevertheless, it is important for you to be

aware that your name and Social Security Number were included in the file."
Posted by CC 07 : #6 · reply · track
June 10, 2008 at 8:44 PM
Since Columbia issued me a fake SSN due to my lack of one, joke is on anyone that tries to use it.
Posted by I love that... : #7 · reply · track
June 10, 2008 at 8:50 PM (from campus)
they had the file removed the day it was discovered. Good Work, although this quick action was somewhat trivial since it had been up for 16 MONTHS PRIOR.

Posted by And : #8 · reply · track
June 10, 2008 at 9:08 PM
It's such a good job that they went to the trouble of making the IDs without SSNs on them, and waited for off campus flex, give that for the past year and a half everyone's SSNs were apparently readily available!
Posted by you know : #9 (in reply to #4) · reply · track
June 10, 2008 at 9:15 PM (from campus)
because they email you.

unfortunately they emailed me. :(
Posted by who loves how : #10 · reply · track
June 10, 2008 at 9:54 PM
they wait to tell you until the end of the second paragraph? as if to prepare you for the blow, that you identity has been posted for the world's leisurely viewing.

well, as a fellow poster has commented, free stuff is nice. even if it means that, because my identity has been stolen, my fake self out selling stolen cars somewhere will be using the loot instead of me.

Posted by wtf : #11 · reply · track
June 10, 2008 at 10:00 PM
how do we know that this email isn't a fraud??
Posted by we were : #12 · reply · track
June 10, 2008 at 10:02 PM (from campus)
pwned.
Posted by this annoys me : #13 · reply · track
June 10, 2008 at 10:15 PM
farking columbia

even the adorable lolcat doesn't make up for the fact i'm going to have to check my credit now
Posted by jon : #14 (in reply to #11) · reply · track
June 10, 2008 at 10:15 PM
i called housing and they said "we only heard about it after a few students called in to tell us..." they suggested i call public safety.

public safety said that they just heard about it and they think its spam...

Posted by jon : #15 (in reply to #14) · reply · track
June 10, 2008 at 10:16 PM
SCAM rather...

meanwhile, someone knows all of our mailing addresses
Posted by DHI : #16 · reply · track
June 10, 2008 at 10:27 PM
Fuck this, man.

I don't give a shit if they know my "housing information." Some asshole comes to where I live, well then at least I got a chance.

But social security number, damn.

Whose fucking idea was it to have some number that fucks you over if it goes public and makes it hard to get jobs if it ever changes?

Posted by DHI : #17 · reply · track
June 10, 2008 at 10:32 PM
I am at work right now making money for some identity thefter.
Posted by Legal : #18 · reply · track
June 10, 2008 at 10:36 PM (from campus)
Is there any kind of legal action we can take? Columbia has done this before, done it now, and will do it again. Any thoughts?
Posted by bwog? : #19 (in reply to #14) · reply · track
June 10, 2008 at 11:20 PM
can you please try and verify this e-mail?
Posted by the cute lolcat : #20 · reply · track
June 10, 2008 at 11:22 PM
makes me feel somewhat better.
Posted by ummm : #21 (in reply to #19) · reply · track
June 10, 2008 at 11:27 PM
yeah.. because I got this and I was pretty freaking pissed off. But what if it is just some scam and the email to come later is a pishing email! It could be a very elaborate/brillant pishing scheme.
Posted by ummm again : #22 (in reply to #21) · reply · track
June 10, 2008 at 11:30 PM
and wait what the heck the email is from "Student Services Assist" ... that definitely does not exist. Plus why would columbia have us calling an 888 number? Definitely fake.
Posted by Well : #23 · reply · track
June 10, 2008 at 11:40 PM
If this is spam I would actually be even more freaked out given that it had my home address at the top.
Posted by DHI : #24 · reply · track
June 10, 2008 at 11:47 PM
If this is a scam, what you supposed to be doing?

I ain't doing shit but complaining. If me complaining made anybody money, somebody would be rich.
Posted by Actually : #25 (in reply to #23) · reply · track
June 10, 2008 at 11:47 PM
It has my old home address at the top of it, as I did in fact change it on SSOL. So I am leaning towards this being spam but also being somewhat true, because I have no idea where else someone would have gotten my uni and old home address unless there was some kind of security breach.
Posted by Ron Gejman : #26 · reply · track
June 10, 2008 at 11:49 PM
The SAME thing happened last year - and Bwog even covered it: [ external link to www.bwog.net ]

Same email address, but different phone number.

I did a lookup on the 888 number ( [ external link to www.customtollfree.com ] and found it registered under Paetec Communications. I thought, perhaps this is Columbia's "registrar" for 888 numbers? So I tried finding other Columbia 888 numbers by searching on Google for "888" under columbia.edu. No luck, so no way to find out if Columbia uses Paetec.

The email headers look ok though... The email is being sent via a Columbia server.
Posted by Ron Gejman : #27 · reply · track
June 10, 2008 at 11:50 PM
EEk, Bwog can you fix those links to here [external link to www.bwog.net] and here [external link to www.customtollfree.com] respectively?
Posted by And finally : #28 (in reply to #25) · reply · track
June 10, 2008 at 11:51 PM
the email I got was different to the one posted on Bwog...it didn't tell me I had a free subscription to anything:

'As a precaution, we recommend you activate a fraud alert with the major credit bureaus, or periodically request a credit report to look for potential irregularities and ensure that no new accounts have been activated in your name. Each agency has an automated fraud alert process. If you activate a fraud alert, the agency you contact will notify the other two agencies so that those agencies also can place fraud alerts on your accounts. In addition, each agency will provide you a copy of your credit report at no cost. The contact information for the credit agencies is as follows:

Equifax – (800) 525-6285 – www.equifax.com

Experian – (888) 397-3742 – www.experian.com

Trans Union – (800) 680-7289 – www.transunion.com '
Posted by Mariam Abacha : #29 · reply · track
June 10, 2008 at 11:58 PM
CONFIDENTIAL

Dear Sir,

Good day and compliments. This letter will definitely come to you as a huge surprise, but I implore you to take the time to go through it carefully as the decision you make will go off a long way to determine the future and continued existence of the entire members of my family.

Please allow me to introduce myself. My name is Dr. (Mrs.) Mariam Abacha, the wife of the late head of state and commander in chief of the armed forces of the federal republic of Nigeria who died on the 8th of June 1998.

My ordeal started immediately after my husband's death on the morning of 8th June 1998, and the subsequent take over of government by the last administration. The present democratic government is determined to portray all the good work of my late husband in a bad light and have gone as far as confiscating all my late husband's assets, properties, freezing our accounts both within and outside Nigeria. As I am writing this letter to you, my son Mohammed Abacha is undergoing questioning with the government. All these measures taken by past/present government is just to gain international recognition.

I and the entire members of my family have been held incommunicado since the death of my husband, hence I seek your indulgence to assist us in securing these funds. We are not allowed to see or discuss with anybody. Few occasions I have tired traveling abroad through alternative means all failed.

It is in view of this I have mandated DR GALADIMA HASSAN, who has been assisting the family to run around on so many issues to act on behalf of the family concerning the substance of this letter. He has the full power of attorney to execute this transaction with you.

My late husband had/has Eighty Million USD ($80,000,000.00) specially preserved and well packed in trunk boxes of which only my husband and I knew about. It is packed in such a way to forestall just anybody having access to it. It is this sum that I seek your assistance to get out of Nigeria as soon as possible before the present civilian government finds out about it and confiscate it just like they have done to all our assets.

I implore you to please give consideration to my predicament and help a widow in need.

May Allah show you mercy as you do so?

Your faithfully,

Dr (Mrs.) Mariam Abacha (M.O.N)

N/B: Please contact Dr Galadima Hassan on this e-mail address for further briefing and modalities
Posted by Yeah : #30 · reply · track
June 10, 2008 at 11:58 PM (from campus)
So who wants to call the number and see what it says?

Also, the mailing address at the top makes me suspicious. And finally, what website was this on that was hosted by google? Blogger, docs, in the achieves? where?
Posted by Ron Gejman : #31 · reply · track
June 11, 2008 at 12:00 AM
I called. It goes to a voice mailbox for "Student Services" and says they are in only from 9-5.
Posted by Ron Gejman : #32 · reply · track
June 11, 2008 at 12:01 AM
Also "if you are calling in regards to the recent security incident, please leave your name and phone number, blah blah."

What is the real number for SS? Is it the same message?
Posted by rmb : #33 · reply · track
June 11, 2008 at 12:03 AM
When did you change your home address? Before or after February 2007?
Posted by Kubler-Ross : #34 · reply · track
June 11, 2008 at 12:08 AM
Can't wait till we reach the 2nd stage!
Posted by ss# : #35 · reply · track
June 11, 2008 at 12:48 AM (from campus)
it's real. for the people who got the e-mail, if you do a search with your SS# the google doc pops up.
Posted by ss# : #36 · reply · track
June 11, 2008 at 12:52 AM (from campus)
I also want an explanation for why an employee used a confidential database for a school project. Talk about a lawsuit waiting to happen...
Posted by i try : #37 (in reply to #35) · reply · track
June 11, 2008 at 1:06 AM
do i need spaces? dashes? nothing? i dont get hte document yet i got the email.
Posted by ss# : #38 · reply · track
June 11, 2008 at 1:09 AM (from campus)
i just entered my number directly: 123456789 (no thats not my actual SS#). It was the last link on the bottom of the google search page.
Posted by Ron Gejman : #39 · reply · track
June 11, 2008 at 1:11 AM
I guess I'm lucky. I only get iTunes Music Store record identifiers for my SSN!
Posted by new numbers : #40 · reply · track
June 11, 2008 at 1:12 AM
You can get new social security numbers, though it may require evidence that yours is being used by someone else. Not sure if this incident would allow us to get new numbers if we wanted to, but maybe.
Posted by i get : #41 (in reply to #38) · reply · track
June 11, 2008 at 1:20 AM
a bunch of web sites in foreign languages also. hah, i wonder if my number is all over the web being used by dirtbags, or maybe i'm just paranoid.
Posted by confused : #42 (in reply to #38) · reply · track
June 11, 2008 at 1:23 AM
Hmmm...I got the email (albeit the alternate version without the free two-year offer Identity Guard Creditprotect) and a google search of my SSN turns up nothing. A couple of points I don't understand:

- Why is Student Services sending two versions of the "apology" email with varying offers? Does this have to do with the fact that I am an alumn or are they sending some kind of email to everyone regardless of whether their SSN was included in that file or not?

- Why was some student employee using sensitive data for some stupid comp-sci project?
Posted by also confused : #43 · reply · track
June 11, 2008 at 1:31 AM (from campus)
- How the hell is there no wrongdoing? Our SSN#'s were posted online since Feb.
Posted by as an alum : #44 (in reply to #42) · reply · track
June 11, 2008 at 1:50 AM
I got an email with the free two-year offer.

As a technically minded alum, if this turns out to be true (it already looks 50% legit, as my SSN does produce a result on Google), I intend to get to the bottom of this, and encourage any like-minded individuals to do so as well. Whichever retard did this deserves to have every bone in his hands to be broken.
Posted by i find it : #45 · reply · track
June 11, 2008 at 1:55 AM
hard to believe some computer tech savvy guy didnt find this a hell of a long time ago.

16 months? just dont buy it.
Posted by someone : #46 · reply · track
June 11, 2008 at 2:22 AM
inside google is now saving every 9-digit search and cross referencing it with a database of columbia students.

Just their next step in taking over the world.
Posted by trust me : #47 (in reply to #45) · reply · track
June 11, 2008 at 2:48 AM
plenty of people have already found this, and not all of them are computer tech savvy guys. Some, if not most, of them are far more likely random African/ Chinese/ Russian spammers and thieves.
Posted by Google : #48 · reply · track
June 11, 2008 at 4:59 AM
This is what shows up on the bottom of the search apge when I Google my SSN (no dashes or spaces):

[external link to i28.tinypic.com]
Posted by there's : #49 · reply · track
June 11, 2008 at 5:09 AM
an easy way to put the debate about the legitimacy of the email to rest: our eager reporters here call Scott Wright and ask him directly whether he or his secretary sent this thing
Posted by umm. : #50 · reply · track
June 11, 2008 at 9:05 AM (from campus)
"Person who's SSN was exposed"?

come, now.
Posted by the Man '07 : #51 · reply · track
June 11, 2008 at 9:07 AM
This seems suspicious....

[external link to blogs.tampabay.com]

What are the odds of UF having a student "accidentally" post SSN's and addresses online.... Methinks this may be a recurring scam
Posted by This is infuriating : #52 · reply · track
June 11, 2008 at 11:26 AM
Doesn't anyone want to do anything about this? Class action lawsuit? I do.
Posted by cc07 : #53 · reply · track
June 11, 2008 at 11:28 AM
I didn't even get the email. I had to call, and they told me that my SSN was posted. Even if you didn't get the email, you might want to call them just to check.
Posted by EAL : #54 · reply · track
June 11, 2008 at 11:32 AM
Unbelieveable. Just got the e-mail this morning. What a great way to start the day.
Posted by I agree : #55 · reply · track
June 11, 2008 at 11:35 AM
I do as well...lets get a petition going or something...lets find out if its real or not first though.
Posted by .... : #56 · reply · track
June 11, 2008 at 11:36 AM (from campus)
i seriously feel like we are entitled to some sort of legal/financial recourse. Thoughts from the bwogosphere?
Posted by Well : #57 · reply · track
June 11, 2008 at 11:39 AM
Since the file is 'beds_roster_0607' I am going to assume that anyone living in Columbia housing that year is on it? Also, WHY were two different emails sent out, one with the free subscription and one without?

Bwog, please investigate
Posted by ... : #58 (in reply to #51) · reply · track
June 11, 2008 at 11:46 AM (from campus)
my social security number is the cell phone number for a crane operator in the czech republic! no joke!

here's the deal. you guys sue columbia and i'll sue the crane operator! i'd say that both our cases have an equal shot at winning!

Posted by unfortunately : #59 · reply · track
June 11, 2008 at 12:17 PM
As of now we have no damages to claim in order to bring a suit against Columbia, nothing has happened, as infuriating as it is.
Posted by another "victim" : #60 · reply · track
June 11, 2008 at 12:36 PM
Yeah I don't think a lawsuit is the way to go. That is unless someone did steal your identity in the past year and somehow destroyed your credit. I just got a free credit report online and there isn't anything on there that shouldn't be. I suggest others do that too since who knows how speedy columbia will be with the credit monitoring service.
Posted by probably : #61 · reply · track
June 11, 2008 at 12:58 PM
You can probably sue them for negligence and failure to keep confidential items securely. Though the lawyers of CU are an unholy army.
Posted by well... : #62 (in reply to #61) · reply · track
June 11, 2008 at 1:01 PM
you could try filing a ferpa complaint. get the gov't on their ass.

Posted by qqq : #63 · reply · track
June 11, 2008 at 1:09 PM
Um, is a SSN technically confidential? It's used for so many things (the reason why it's useful for fraud) that it's hardly a secret. Is there a law requiring companies to protect personal information? If so, can the company be held liable for one employee acting individually, probably against the terms of his employment contract?
Posted by fuck this school : #64 · reply · track
June 11, 2008 at 1:09 PM
my SSN is not producing a google hit for the spreadsheet on its own or when i search for it together with beds roster. so hopefully this suggests the thing has been properly removed now? (though the fact that anybody managed to get the spreadsheet to come up means columbia was not as successful at instantly removing the material as the email claims.)

also, SOMETHING FOR BWOG TO INVESTIGATE: is 2 years of credit-monitoring some kind of industry standard for what you need to be reasonably sure you're not going to take it in the butt from some identity thief? or is it just what columbia decided they could get away with as a way to placate the 5000 people they completely screwed over?

also, why in god's name did a student employee even have access to a file full of SSNs to being with? it seems like when the email says columbia is committed to protecting our personal data, they really mean, "RECENTLY committed to it, to a degree that may or may not actually make up for the previous disregard for that same enterprise"
Posted by can anyone check... : #65 · reply · track
June 11, 2008 at 1:15 PM
to see if the spreadsheet's been cached on archive.org's way back machine?

it usually saves those too... I'm sure columbia didn't bother removing it from other indexes *facepalm*
Posted by if you google : #66 · reply · track
June 11, 2008 at 1:16 PM (from campus)
cs4733 google code

You will get three hits. Click "cache" under the first or second one and you discover the possible culprit (the project owner)

Posted by if you google : #67 · reply · track
June 11, 2008 at 1:29 PM (from campus)
the project owner, you discover that he's an athlete in SEAs. Figures.
Posted by DHI : #68 (in reply to #63) · reply · track
June 11, 2008 at 2:05 PM
"Um"

Yes, I am pretty sure that it is "technically confidential," and that if you use your Social Security Number whoever you give it to has a responsibility to keep it confidential.

It would be an unbelievably bad system if there was a number that functionally needed to be confidential, but nobody was required to treat it as protected information.

Posted by ... : #69 (in reply to #66) · reply · track
June 11, 2008 at 2:07 PM (from campus)
i'm a bit of an idiot, so you'll have to explain this to me...

what exactly does the housing office leaking a room assignments spreadsheet have to do with a homework for a graduate/senior class in computer science/engineering?

there's no way in hell the school would ever release personal information to students for a project.

and there is really no connection whatsoever between robotics, a specific homework in a robotics class and a personal information spreadsheet put together by the housing office.

it's time to either confirm and clarify or put this ridiculous rumor to bed.

Posted by tada : #70 (in reply to #69) · reply · track
June 11, 2008 at 2:11 PM
[external link to cc.msnscache.com]
Posted by alexw : #71 · reply · track
June 11, 2008 at 2:30 PM
This comment has been deleted.
Posted by i don't care who : #72 · reply · track
June 11, 2008 at 2:30 PM
but i'd like to see some heads roll for this. seriously.
Posted by EAL : #73 (in reply to #67) · reply · track
June 11, 2008 at 2:37 PM
You're an idiot. Mindless bashing of the athletes is completely irrational and unrelated to the topic at hand.
Posted by great... : #74 (in reply to #70) · reply · track
June 11, 2008 at 3:15 PM
so there are 2 downloaded copies somewhere out in the public... gjdm/columbia
Posted by dude : #75 (in reply to #70) · reply · track
June 11, 2008 at 3:31 PM
seriously?
Posted by ... : #76 (in reply to #70) · reply · track
June 11, 2008 at 3:38 PM (from campus)
wow...

only thing i can guess is that someone was working on some kind of export thingy for housing as a student job and one of the output files got mixed in with the homework.

moral of the story: do not ever write computer programs that name their output files "output." it makes an excellent case study!

that said. hey bwog, what do you think about deleting all the comments that provide breadcrumbs back to the guy who made the mistake. granted, it was a grumble from me that got the stuff posted in the first place. but nevertheless, i think that having his name and employer up is not really cool and doesn't really add anything interesting to the story. i guess you could argue it's poetic justice, but c'mon, it seems awfully doubtful that anything malicious went down here.

Posted by OF COURSE : #77 · reply · track
June 11, 2008 at 3:46 PM
i know many CS ppl who use that information to make predictions about the housing lottery.

though the SSN's are not useful for that purpose, the number of ppl living in those suites are useful...
Posted by ss# : #78 · reply · track
June 11, 2008 at 4:01 PM (from campus)
by the way - has anyone thought about what this mishap will cost CU? Credit protection is 12.99/month x 24 months x 5000 student =1.5 million. Even with a bulk discount this has gotta be costing Student Services >1mil
Posted by alexw : #79 · reply · track
June 11, 2008 at 4:18 PM
I'm taking their shitty credit protection scam bullshit just so I will cost the incompetent pinheads as much money as possible.

You should do the same.
Posted by well : #80 (in reply to #79) · reply · track
June 11, 2008 at 4:22 PM
if it costs student services its just going to cost the students more anyways, in programs and in competent staff
Posted by correction : #81 (in reply to #74) · reply · track
June 11, 2008 at 4:25 PM
4 times.

[external link to cc.msnscache.com]
Posted by Well not all 5000 : #82 (in reply to #78) · reply · track
June 11, 2008 at 4:33 PM
Since they didn't give it to me. Bah.
Posted by DHI : #83 (in reply to #79) · reply · track
June 11, 2008 at 4:41 PM
I agree 100% with this idea; you have to fuck with the cash of any of these organizations to make them give a shit. Obviously it's destructive in any particular situation, but it's good policy.
Posted by ... : #84 · reply · track
June 11, 2008 at 5:21 PM
fuck.
Posted by Important Point : #85 · reply · track
June 11, 2008 at 5:34 PM
While it's clear that Google has taken down the Googlecode page for the class project at this point, it's less clear to me that the googlecode files were publicly accessible. Do we know for sure that output.xls was actually downloadable without a login? Plus, it was downloaded only 4 times, i.e. perhaps only by members of the project itself? Moreover, if the code repository required a google account for access, there'd be a pretty clear record of who downloaded the file, no? With only four downloads, conceivably even if it were publicly accessible, Google at least has IP information if not Google Account information of those individuals. 16 months or not, I'm not yet sure this information actually got into the wrong hands.
Posted by There is no... : #86 · reply · track
June 11, 2008 at 5:41 PM (from campus)
honest mistake to all this. Who in their right mind would EVER use confidential such as SS numbers for something as trivial a SCHOOL PROJECT? And has the gall to post it ONLINE?

This is just pure, blatant idiocy, plain and simple. Apparently instead of using random name and number generators, the person/party in question decides to use people's ACTUAL names and ACTUAL SS numbers...and saw no potential ramifications for this.

And its great that its now known that we get two years of credit protection. That way, when the two years runs out, then 5000 of us can go right back to having our identities stolen. What a way to blow a couple million dollars.

Fuck Columbia. Fuck the idiot who put us in this position in the first place.

Posted by i say it's public : #87 (in reply to #85) · reply · track
June 11, 2008 at 5:59 PM
considering that googlecode only hosts open source projects
Posted by anyone else : #88 · reply · track
June 11, 2008 at 9:29 PM
get tapped by the NY post and asked to comment/forward them the email?
Posted by IDIOTS : #89 · reply · track
June 12, 2008 at 2:58 AM
This comment has been deleted.
Posted by no response? : #90 · reply · track
June 12, 2008 at 3:30 AM
Has anyone else tried emailing address Scott Wright included in his "apology?" I sent a message expressing my frustation with this fiasco and a request that the University offer the free, two-year trial of IdentityGuard CreditProtect to ALL THOSE AFFECTED, not just the handful of lucky "victims" that got this generous gift. It's been about 36 hours and I haven't heard a peep from Columbia.
Posted by ... : #91 (in reply to #89) · reply · track
June 12, 2008 at 3:50 AM (from campus)
puhleeaze... nobody used personal data from housing and dining as part of a school project. that is the most ridiculous thing i've heard in weeks. it's already been pointed out that it was a mistake on the part of a student employee.

use your brain, please.

would a professor accept a project based on personal data? fuck no. if word got out there would be meetings for months. find me a professor who likes meetings.

the staff of the bwog needs to show some fucking maturity and delete the comments that identify the guy who made the mistake. there's surely going to be some idiot fuckwit from this school who actually will start making calls into the poor guy's employer.

Posted by I'm just about : #92 (in reply to #91) · reply · track
June 12, 2008 at 3:56 AM
ready to call his company, actually. And I will readily admit my mistake: after further scrutiny, it appears that the project was not based upon/ related to this data file. It is therefore inexplicable why this kind of information would be posted online at all, besides bragging rights ("check out what I can access because I work for H&D!").

"Poor guy"? How/ why you have any sympathy for this moron is absolutely beyond me.
Posted by Sprinkles : #93 (in reply to #89) · reply · track
June 12, 2008 at 4:14 AM
I can't open the Google cache file as it says I don't have permission...how did you do it? One of my bank accounts was recently hacked and I want to know if this has anything to do with it. I'm an alum and my Columbia e-mail expired, so I don't know if I was supposed to receive the e-mail but didn't.
Posted by Is there a way : #94 · reply · track
June 12, 2008 at 4:17 AM
that we can completely eliminate the necessity of SSNs as identifiers except when *absolutely* necessary (e.g. finances)? We have other ways of being identified - UNIs, CUID numbers - and I feel like the phasing out of SSNs as identifiers should have been done long ago. But again, Columbia is years behind. Maybe this little mishap will whip them into shape.
Posted by sorry : #95 (in reply to #93) · reply · track
June 12, 2008 at 4:22 AM
the cache is no longer available. I did save a list of names of the people who appeared there, for future reference (and because it included quite a few of my friends). If you are an alum, go to [external link to alumni.columbia.edu] and sign up for + check your alumni account for the message. This is where I received the notification.
Posted by Sprinkles : #96 (in reply to #95) · reply · track
June 12, 2008 at 5:30 AM
Thanks. Yep, there's the letter. Strangely, though, I haven't been offered the two years of free credit monitoring. My letter is different from the one posted above. Why don't alumni get this protection? For what I paid for my degree, that's the least Columbia can do.
Posted by Juli (Site staff): #97 · reply · track
June 12, 2008 at 10:48 AM
Two comments were deleted because they contained the full name of a certain someone who asked for them to be deleted.

All future comments containing the name of that someone will also suffer the same terrible fate, so heads up everyone.
Posted by been done : #98 (in reply to #94) · reply · track
June 12, 2008 at 10:50 AM (from campus)
yep. it's been done. the switch was completed by september 07 with the new id cards. it makes whining about "change" somewhat difficult when the "change" has now already been done, but this file was from before the switchover
Posted by ... : #99 (in reply to #92) · reply · track
June 12, 2008 at 11:24 AM (from campus)
again... your logic is totally broken...

"hey look at me... i maliciously stole private data and posted it on the internet in a fashion that is attached to my own REAL NAME."

"and i would have gotten away with it too if it weren't for those meddling procrastinators"

Posted by Alum : #100 · reply · track
June 12, 2008 at 12:00 PM
I'm a little surprised that the guy responsible hasn't issued an apology or explanation for his actions, even an anonymous one, rather than just hiding behind the official email. Given the potential impact of his actions on those of us listed in the document, it doesn't seem like too much to ask.
Posted by perhaps : #101 (in reply to #100) · reply · track
June 12, 2008 at 12:04 PM
Maybe he doesn't know he's being lynched on Bwog right now? Not everyone reads this thing, you know.
Posted by meh : #102 (in reply to #101) · reply · track
June 12, 2008 at 12:40 PM (from campus)
probably the case. Apparently, BWOG only deletes posts with your entire name if you request it. We could all be really trashing Joe Blow, without his knowledge - and it won't get deleted. Should I just e-mail BWOG now and ask that all posts in the past or future with my full name be deleted?
Posted by Juli (Site staff): #103 (in reply to #102) · reply · track
June 12, 2008 at 12:51 PM
Really? Commenters 101 and 102, please see comment 97.

Posted by Delete this comment. : #104 · reply · track
June 12, 2008 at 1:26 PM (from campus)
His name is Robert Paulson. His name is Robert Paulson. His name is Robert Paulson. His name is Robert Paulson.
Posted by no... : #105 · reply · track
June 12, 2008 at 2:36 PM
This comment has been deleted.
Posted by j-grace : #106 · reply · track
June 12, 2008 at 3:02 PM
i, for one, just can't believe rob trump would do something like this.
Posted by rjt : #107 (in reply to #106) · reply · track
June 12, 2008 at 4:10 PM
I regret nothing.

Except posting my own information along with that of 4999 others. I regret that part.
Posted by meh : #108 (in reply to #103) · reply · track
June 12, 2008 at 6:25 PM (from campus)
I read comment 97 - which is what prompted me (#102) to write what I wrote. The comment was deleted because the named person asked for you to delete it. If he did not know his name was posted here, he would not have requested the deletion. So, if I start bashing Joe Blow, and he does not know it is on the BWOG, he will not request its deletion, and it will remain for all to see and ridicule him.

Also, Juli (if that is your real name), in the follow up BWOG post ( [external link to www.bwog.net] you wrote in comment #20 that the ball is in "sven's court" - since then, he has apparently requested deletion... maybe you should delete your post there since it has his first name.
Posted by Juli (Site staff): #109 (in reply to #108) · reply · track
June 12, 2008 at 6:32 PM
"Sven" is not a full name. Comment 97 specifically stipulates that it must be a full name: "Two comments were deleted because they contained the full name of a certain someone who asked for them to be deleted."
Posted by So if i say : #110 · reply · track
June 12, 2008 at 7:23 PM
that a certain Mr. Hafemeister is the brainless culprit behind this mess, my post cannot be deleted. I leave it up to my brilliant Columbia colleagues to logically deduce the full name, as I have explicitly not posted it here.
Posted by meh : #111 (in reply to #110) · reply · track
June 12, 2008 at 7:42 PM (from campus)
Sven is not a full name.
Posted by Hahaha : #112 · reply · track
June 12, 2008 at 8:25 PM
Sven...
Posted by Hahaha : #113 · reply · track
June 12, 2008 at 8:25 PM
...Hafemeister
Posted by anti-Site staff : #114 (in reply to #109) · reply · track
June 12, 2008 at 9:05 PM
Juli, that's a stupid policy. You should delete the previous four comments which obviously spell out someone's full name. And probably the one with only a first name two. Otherwise, what's the point?
Posted by bahramewe : #115 (in reply to #114) · reply · track
June 12, 2008 at 9:12 PM
Yeah, 'cause having your personal information spread around on the world wide interwebs without your permission sure is a bummer.
Posted by Agreed... : #116 (in reply to #114) · reply · track
June 12, 2008 at 9:54 PM
All posting his first name does is draw unwarranted hate to others named Sven.

There are (were) 3 on Facebook. Now there is two...said offender is not a part of them.

And honestly? How many SVEN's do you know, including ones that go to Columbia? Using his name at all is just plain pointless...seeing as how its a rather distinct name.
Posted by sh2125 : #117 · reply · track
June 12, 2008 at 10:23 PM
CU removed the UNI sh2125. Also there's no more sven's on facebook anymore.
Posted by Haha : #118 (in reply to #114) · reply · track
June 12, 2008 at 10:42 PM
Juli walked right into that one. I wonder if she's gonna bit the bullet and admit she made a mistake.
Posted by I sure hope : #119 · reply · track
June 12, 2008 at 10:57 PM
this [external link to www.gocolumbialions.com] person's employer doesn't find out about his little boo-boo with highly private information.
Posted by retribution : #120 · reply · track
June 13, 2008 at 12:13 AM
Someone should thank Mr. Hafemeister. Perhaps by purchasing

[firstname]hafemeister.com

and explaining the whole incident.
Posted by ... : #121 · reply · track
June 13, 2008 at 4:25 AM
lest future generations of CU students forget...

[external link to www.wikicu.com]

[external link to www.wikicu.com]

[external link to www.wikicu.com]
Posted by fyi : #122 · reply · track
June 13, 2008 at 9:23 AM
anyone ever stopped to think about how their identity could really be taken???

[external link to www.washingtonpost.com]
Posted by Timing : #123 · reply · track
June 13, 2008 at 3:29 PM
It is entirely coincidental that Columbia conveniently disclosed the breach after summer vacation started, when the affected students would not be in campus.
Posted by timingPart2 : #124 · reply · track
June 13, 2008 at 3:36 PM
don't u think they would have cleaned up the google cache and whatever other traces, if they knew about this for longer than they say? apparently there was still stuff out there after they sent the two emails...
Posted by Timing : #125 · reply · track
June 13, 2008 at 3:52 PM
You're assuming that they are competent. Tisk Tisk!(A mistake many of us had made in the past.) If they were competent, they wouldn't allow a pimple-faced student to download 5,000 SS# off their computers.
Posted by timingPart2 : #126 (in reply to #125) · reply · track
June 13, 2008 at 4:38 PM
Indeed, spoken wisely...those assumptions always get us in the end...
Posted by Sprinkles : #127 · reply · track
June 13, 2008 at 7:49 PM
Why are we protecting the person who did this?
Posted by pwnt : #128 · reply · track
June 13, 2008 at 8:43 PM
[external link to www.petitiononline.com] see Signature #95.
Posted by wow : #129 (in reply to #47) · reply · track
June 13, 2008 at 9:03 PM
that's so racist.
Posted by Timing : #130 (in reply to #127) · reply · track
June 13, 2008 at 9:29 PM
he should be expelled from CU if he's still there. He just cost CU $1,560,000. ($13 ID service*24 months *5000)
Posted by moron : #131 (in reply to #129) · reply · track
June 13, 2008 at 10:16 PM
Go read some security reports and find out which IP domains generate the most security threats. And shove your racism card back up your ass.
Posted by out in the news : #132 · reply · track
June 14, 2008 at 10:24 PM
[external link to www.nysun.com]
Posted by gco : #133 · reply · track
June 17, 2008 at 7:24 PM
columbia should put some funds into a identity theft insurance pool to cover the costs that will be incurred by any person whose ID is stolen as a result of this. that makes a lot more sense than giving 5,000 people credit monitoring subscriptions for an arbitrary period of time. if they really did spend north of a million dollars, wouldn't it have been better to just set that aside? ex post, it allocates more money to the actual people who need it-- namely, the people who actually have problems as a result of this. ex ante, it provides insurance to everyone, so we all sleep better, even though the vast majority of us are probably going to be fine. my SSN was posted, by the way
Name:
(Log In | Register your identity)

Email:
Reply to:

Describe this color in one lowercase word.
78 °F, Partly Cloudy

About Us

Bwog is compiled by the staff of The Blue and White, Columbia University's undergraduate magazine.

Contact Us

Please send tips to tips@bwog.net.

Questions or concerns? Email editors@bwog.net.

Bwog is always looking for new writing talent. Email contribute@bwog.net.

In Print

Our Favorite Comments

5 bucks says: [read]
"That once she deals with Facilities, she'll give up on SPEW."
Ahaha: [read]
"Funny mental image of an old man with a walker yelling "BWOG" in that comment"

Bwogroll

National Blogs

IvyGate
Papertrail
Open University
Wonkette

City Blogs

Gothamist
Gawker
Craigslist
City Room (New York Times)
Overheard in New York
Community Board 9
Stop Columbia
Eater
Curbed

Other School Blogs

Wesleying
Gadfly (Harvard)
MadsVassarBlog
Sex and the Ivy (Harvard)
Elliot Back (Cornell)
Under the Button (Penn)
NYU Local

Columbia Blogs

WikiCU
Light Reading
GS Lounge
Raising Kane
The Hungry Lion
Roar Lions Roar
Phlog
the(pro)be
EcoReps
Columbia Dems
The Blaaag
Editor Josh
The One Train
Lumilux
Igloo on Wheels
Bored@Butler
Five Plus One
The Columbia Critic
Queued Paper
The Columns
ReflectivePundit
wang.
2nd Law
el participante Commentariat
The Core Junction
Off Broadway
CollegeOTR
Greater or Smaller
The Mayor's Hotel
Barnard Zines
Peter and Rob Make Lists of Things
Rhapsody(abroad)
The Jester
Columbia/Barnard Hillel
SCEG Blog
Poor College Student

Technical

Our headlines are syndicated through Atom. This site is powered by a modified version of the Publicate Content Management System, which is available for free.

Events

Apply to be a Spectator Opinion Columnist

07/15/2009

Contact email: opinion@columbiaspectator.com

Spectator is now accepting applications for fall 2009 opinion columns. Write to opinion@columbiaspectator.com or go to to obtain an application. The application deadline is July 15, 2009.

Spectator accepts columnist applications from students at any undergraduate school affiliated with Columbia University. Columns are published every two weeks, and writers are expected to edit with an opinion page editor before publication.
http://www.columbiaspectator.com/about

Advertise Your Event!

01/6/2010

Contact email: events@bwog.net

Please provide the following:

Title
Location
Date/Time
Description
Contact email
Contact website
Logo/flyer image

We're excited to announce that we can now include images in line with your event listing! These can link to anything on the web. For example, you could include your organization's logo and have it link to your website. Or, you could have us post a thumbnail of your flyer and have clicking on it reveal the larger one.

Please do give us a few days' notice- our inboxes fill up quickly every day, so it may take a little while for your event to be posted.

Lost and Found

Lost (or found) an item? Email tips@bwog.net.

Articles © 2006-2009 The Bwog. Comments Policy. Published with Publicate.