search articles:     from the issue of February 15, 2007         Security team examines accidental SSN posting  BY KELLY BARTLING, UNIVERSITY COMMUNICATIONS Following the discovery of Social Security numbers posted on a UNL Web site, Information Services has issued a reminder to colleges and departments to perform an inventory of systems and files to assure that federal ID numbers - or text files and databases containing SSNs - are not inadvertently posted online. Chris Jackson, vice chancellor for Business and Finance, said an information security team is reviewing policies and procedures. The team will identify options for SSN "sniffing" software to assure no other files appear with faculty, staff or student personal identity information. The university policy on the use of Social Security numbers and computer security policies is posted online at www.unl.edu/is/infosecurity.shtml. On Feb. 6 an Omaha World-Herald reporter called the university to report an individual had found his SSN on a UNL Web site. Information Services reported that the text file dating to a 2004 error log created when an "active directory" update was posted as a test site. The Web site, which listed SSNs of 66 students and six university employees, was removed. Earl Hawkey, UNL registrar, informed the students affected, and calls were made by Human Resources to the faculty/staff whose SSNs were posted. Apologies and information on monitoring credit reports and identifying signs of identity theft were issued. "The combination of information as listed does pose a risk to these students, faculty and staff to identity theft," Jackson said. "Because of this, communication is being sent to all these people on these pages to inform them what occurred and how to protect themselves. "For the most part everyone has been cooperative and we've been all working to educate our colleagues about this. This serves as a valuable reminder that faculty and campus units should not be asking for any SSNs or other private information like date of birth unless they are must have it, as in personnel or HR data. Until the campus ends its use of SSNs as an identifier, unfortunately, this situation will continue." Jackson said information security incidents like these are not unprecedented but are nevertheless unacceptable. "The university takes its responsibility for information security seriously and has taken immediate action to correct the situation," she said. To inform students and the university community about issues of internet security and identity theft, Information Services has created a Web site "question and answer" page to help. The site is located at www.unl.edu/is/identitytheft.shtml. Jackson said if private information is found on public sites, the posting should be reported to the Web site authority immediately so action can be taken to pull the sites. • Social Security numbers for 66 students and 6 university employees were accidentally posted online and subsequently removed • UNL issued apologizes and information on monitoring credit reports and identity theft to all 72 individuals affected • Information Services has posted Internet security and identity theft information online for faculty, staff and students. The site is located at www.unl.edu/is/identitytheft.shtml. GO TO: ISSUE OF FEBRUARY 15 NEWS HEADLINES FOR FEBRUARY 15 Annual UNL, LPS program offers science experience to fifth-graders Researchers featured at AAAS event Security team examines accidental SSN posting 732722S36725X