Stupid user tricks: IT admin follies

IT heroes toil away unsung in miserable conditions -- unsung, that is, until they make a colossally stupid mistake

Soup of the day: Social Security numbers

Incident: Throw a bag of the finest steaks into a piranha-infested river, and you've got no right to complain when the fish make quick work of it.

In a sense, that's what happened when a 15-year-old freshman at Downingtown West High School stumbled upon, then copied files containing highly sensitive personal information -- including Social Security numbers -- of roughly 41,000 current and former students, families, and other town residents.

Similar because, as the district admits, the sensitive data was placed in a completely unprotected part of the school's computer network by a member of the district's IT staff. More than that, the admin had stored the files in a network segment to which students had access.

Whereas the student was charged with three felonies and one misdemeanor computer crime for copying information left nearly in plain view, the admin is considered guilty of nothing more than a brain-dead IT gaffe.

For what it's worth, the town's police determined that the student merely copied the data to a portable drive and gave only one copy to another student, who is cooperating with the police. That hasn't dampened the witch hunt, however, as several parents and residents are calling for the student to serve jail time.

Why the district was collecting the Social Security numbers of residents for the purpose of sending them newsletters, however, has not come under scrutiny. Nor has the lack of safeguards IT placed on that information.

So negligent was the IT handiwork that, according to school district spokeswoman Pat McGlone, the student "did not need to crack any passwords, evade any firewalls, or blow down any doors, so to speak. He just simply needed to be curious and bored," as Will Hobson wrote in the Philadelphia Inquirer.

And if boredom is all it takes for a teenager to expose 41,000 Social Security numbers, you know your approach to IT isn't smart.

Fallout: Fortunately for the student, cooler heads prevailed at the Chester County Deputy district attorney's office. The student won't face prison time. The district, on the other hand, has had to scramble to send out 16,600 letters to residents warning them about the potential for identity theft and has rushed to better secure its network and this sensitive data.

Moral: Maintaining a highly sensitive database requires encryption -- especially where bored teenagers are allowed to roam. In fact, keep your stored Social Security numbers off the cafeteria lunch menu portal altogether. Oh, and rather than just pillory a tech-savvy 15-year-old for taking advantage of an open door to sensitive personal data, lay equal blame on the IT worker, as well as the person in charge of collecting and protecting the database.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

InfoWorld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?