A file containing sensitive student information was found by an Olympic College student unsecured on the OC intranet recently, but according to the Information Technology Department the problem has been fixed.
Tom Jacobs, customer service manager for IT, said the file was secured “within minutes of finding the problem.”
Jon Bowers, student body president, said Jacob Core had been navigating through OC’s complex network of servers because he was looking at the architecture of the network.
“It’s something he’s interested in,” said Bowers.
During his exploration, the student found an unencrypted file on a shared server that contained students’ names, student identification numbers and the last four numbers of their social security number and informed Bowers of his discovery.
“Jacob contacted me with my student ID number and the last four of my social security number,” said Bowers.
Bowers said after Core told him about the file he immediately contacted the IT department and Toni Hartsfield, director of Student Programs and Leadership Development, to address the issue of private student information being accessible to the public.
According to Evelyn Hernandez, technical services manager for the IT department, the file was discovered on a shared server that had not been used in the past. The file was moved there on accident by an OC employee who was working on building a database and thought the server was secure.
“I look at it like a blessing in the sky,” Hernandez said, adding that finding errors like these in the system helps keep IT on their toes.
“It doesn’t matter how busy we are,” she said. “We need to do the house keeping.”
Hernandez said the particular server was overlooked because it had never been used before, but the discovery caused IT to take a closer look at the security access of the computer network.
“The first day I actually heard about (the breech) we made sure all of the shares that are out there have the proper (access) permissions,” Hernandez.
Hernandez said the problem was reported to the state body that determines security guidelines and said from what she has seen student information is safe.
“I thought they handled it really quickly and really professionally,” said Bowers.
Bowers added that he doesn’t think there are major flaws in the system, but “IT needs more help than it gets.”
“I know that IT does a good job, but I also know they are understaffed,” said Bowers.
However, Bowers also put the type of information that was leaked in context. He said the student information that the college has is private by mandate, but it is not necessarily valuable to most people.
Hartsfield said all OC employees go through Family Education Rights and Privacy training and are informed on how to handle confidential information.
“Generally speaking I feel good about employees’ understanding of FERPA,” Hartsfield said.
Hartsfield also said personal information can never be guaranteed to be safe anywhere.
“The one thing to remind people of is you can never be 100 percent safe in any community,” Hartsfield said. But “Do people need to worry on a day-to-day basis that the college is leaking information? No.”
Hartsfield said she doesn’t think anybody at OC intends to create an unsafe situation, so it’s important to ask how quickly and effectively the campus responds to these incidents.
“When community members work together and have good communication and quick response time,” Hartsfield said, “they can effectively manage unsafe situations.”
Be the first to comment on this article!