Today a group of Ryerson University (Toronto) students got a nasty surprise. Their personal info was being exposed on the web.
From the Toronto Star:
Almost 600 Ryerson University students may have had their personal information, including Social Insurance Numbers, revealed due to a software glitch in the system that registers students for courses.
The error in the Student Administration System was first flagged on Dec. 27 when a student stumbled upon it and emailed the administration, said Ryerson’s information and privacy co-ordinator Heather Driscoll.
The error allowed him to view the personal information of up to 588 students, including their name, gender, date of birth, student number, mailing address, and Social Insurance Number.
Hmm. That’s not cool. But, what is a little more disturbing is that,
Two more students also notified the school about the error. On the third occasion, on Jan. 9, the university pinpointed the glitch and designed a patch they say fixed the error.
So, let’s play the adding game. First reported exposure was Dec. 27. The third was on January 9th. That’s just shy of two weeks where student information was exposed.
Um, huh?
Officials say they don’t believe there has been any misuse of the information that was exposed, and Sheldon Levy, president of the institution, has commended the students who initially noticed the error.
Based on what exactly? Divining tea leaves? Commending the students is fine but, oh I don’t know, how about acting on the information? And how do we know that the exposure was limited to roughly 600 students?
I have a shiny loonie that says I can answer that one.
Read on.
