Tuesday, September 4, 2007

MASSIVE data breach at U-M's AOSS Department

flash

Now first off, you won't find this story in the Ann Arbor News nor the
Michigan Daily. WHY won't you find it there? Ask them. BOTH were alerted to this story when the Department of AOSS issued letters to those who had their data (including social security numbers) hacked from somewhere overseas this past winter. BOTH News outlets were told of this story, yet neither wrote anything about it.

Ypsi City Desk WILL write about it.

For quite a while a database was being built on former and current employees at the Department of AOSS (Atmospheric, Oceanic, and Space Sciences), part of U-M's School of Engineering. Even though the individual entrusted with building the database KNEW the dangers of including employee SS numbers he went ahead and included them anyway. Warnings were ignored and the database was, you guessed it, HACKED. Into the hackers hands went all kinds of former and current AOSS employee data INCLUDING Social Security numbers.

What was the AOSS's decision? To send out letters telling you YOUR information was breached. They would do no more on this. Ypsi City Desk was told the Department would not even spring for credit monitoring for one year as they didn't want to, according to Denise Moore, Department Manager; "set a precedent".

A precedent for what? Living up to your RESPONSBILITIES? YOUR worker (and Ypsi City Desk DOES know his name) built a hackable database that ran an out of date obsolete version of the software on an out of date obsolete OS with social security numbers that never should have been there to begin with. AOSS simply gives a note and a "Best of Luck" speech to violated current and former employees.

Ypsi City Desk has also learned that any letters that came back undelivered (as the person in question may have moved) nothing further was done by AOSS to contact them.

The level of apathy towards current and former employees is off the scale at AOSS.

Not willing to do the right thing, the Department of AOSS everyone. Why not tell Chief Head-in-the-Sand Department Chair Tamas Gombosi (and the decision NOT to compensate those who had data hacked came from Mr. Gombosi--Ms. Moore confirmed this to the YSD earlier this year) what you think.

tamas@umich.edu or call him:
(734) 764-7222

4 comments:

Anonymous said...

Wouldn't hey have had to report this to CAEN or the College of Engineering? Who sat on this at U-M? Good job Jonny. I hope there is some more follow up to this story on U-M's end

Anonymous said...

Well Ypsi City Desk, that is what you get when you wait around for The Ann Arbor Snooze to write anything critical of the U. Nothing. If an employee steals money from them they'll cover it. If a student commits a crime, they'll report it. If the University does anything wrong, like it sure looks like they did here, silence. They need the top brass at the University to comment on things and they won't bite the hand that feeds them.

Good blog though.

Anonymous said...

Are you going all real news on us Johnny? LOL

Johnny Action Space Punk said...

ALL NEWS? Sorry, not in the old format. This story had to be told. I thought too many were put at risk for someone to simply walk away and perhaps think "I'm big enough to make this go away".

That's just too much like Homer Simpson, while being scolded by Marge for not paying enough attention to the kids, walks away saying "I'm going to go eat mayonnaise".