It might seem like there is an epidemic of information disclosures in recent years. I maintain there is a companion epidemic: one of silence about the reason for these intrusions and disclosures. This prevents anyone from really learning how to improve by any other means beyond having a finger waggled at us/them or a painful ruler smacked across our cheek. (I sometimes wonder if we’re going to be stuck in a silo no matter what our efforts…)
The Daily Camera has a story about the disclosure of data on 9,500 persons from the University of Colorado (dig the off-beat green-tinted site).
Hilliard said three computers [one laptop, two desktops] in the Division of Continuing Education and Professional Studies were compromised by a “very complicated hack” that was discovered Thursday afternoon.
One man’s “complicated hack” is another man’s obviously gaping hole. Useless information.
“We think they were compromised by digital intrusion with some sort of hack,” Hilliard said, noting there is “no direct evidence the data has been taken and used for nefarious purposes.”
I’m done being nice about these things. No shit you don’t have any direct evidence of wrong-doing. If someone breaks into my house and steals my gun, I can cover my eyes and say “I have no proof a crime is being committed with it!” By the way, no kidding, “some sort of hack…” amazing.
According to Hilliard, none of the computers was [sic] supposed to have personal information stored on it, following a policy change CU implemented last fall after someone hacked into a computer issued to the College of Arts and Sciences’ Academic Advising Center.
Policies don’t actually stop anything, just like education. Both are necessary, but neither will guarantee anything. Kinda like that 35 mph sign on the road that I always drive past at 42 mph.