Hawaii U Posted Private Info of 40,000 Students Online

(Oct. 29) -- More than 40,000 former University of Hawaii students now know what plenty of others before them have regrettably experienced firsthand: Security online can be elusive.

The students' Social Security numbers, grades and other private information were made public after a faculty member at the school accidentally posted the information online, according to The Associated Press.

The sensitive information of anyone who attended the school's Manoa campus from 1990 to 1998 or in 2001 was available over the Internet, university spokesman Ryan Mielke told the AP.

The security breach happened when the now-retired faculty member, who was not named, was conducting research on graduation rates. Although she thought she was working on a secure server, she was not, officials said. The information was available for nearly a year before it was discovered and taken down Thursday.

Mielke called it an honest mistake. "The faculty member truly believed it was an encrypted server and it was not, it was an error," he told KHON2 in Hawaii. The school said it was in the process of notifying the students impacted by the breach and warned them to secure their banking information, since data like Social Security numbers can be used in scams and for fraud.

Unfortunately, the students at the University of Hawaii are far from the only ones whose privacy has been compromised on the Internet. Here are some of the most infamous cases of Web-related information security breaches:

Facebook's Apps Fracas

Just this month, The Wall Street Journal reported that online advertising companies were able to access the names of millions of Facebook users through the social networking site's most widely used applications, also known as "apps." The company said it is committed to closing the privacy loophole. "We take user privacy seriously," Facebook developer Mike Vernal wrote Oct. 18 in a company blog post. "We are dedicated to protecting private user data."

'GCreep,' or the Google Engineer Who Allegedly Spied on Minors

In a more disturbing, if less widespread breach, (now former) Google engineer David Barksdale, 27, allegedly invaded the personal Google Voice account of a 15-year-old boy he met online, Gawker reported in September. After discovering the identity and contact information of the boy's girlfriend, Barksdale allegedly threatened to call her. Google fired Barksdale this summer. In a statement, Bill Coughran, senior vice president for engineering at Google, said the company "dismissed David Barksdale for breaking Google's strict internal privacy policies." He said that "a limited number of people will always need to access these systems if we are to operate them properly -- which is why we take any breach so seriously."

Sponsored Links

The TSA's Uncensored Guide to Getting Through Airport Security

In December, the Transportation Security Administration accidentally posted online its airport screening manual, a packet that included information about the easiest kinds of documents for terrorists to fake and the percentage of baggage that is to be screened by hand. Last year, Sen. Susan Collins, R-Maine, called the document "a road map to those who would do us harm," according to ABC.

Hackers Establish a 'Digital Beachhead' at the Pentagon

In August, the Pentagon publicly acknowledged that it was the victim of a cyberattack and said hackers had penetrated the Department of Defense with malware. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Deputy Secretary of Defense William J. Lynn III wrote in an article in Foreign Affairs magazine. He said the malware established "what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."