Google indexed the FTP server of Yale

Yale University announced large-scale date leaks from corporate network: within 10 months names, card numbers of social insurance of 43 thousand teachers, employees, students and graduates of this university were available to viewing by means of the Google search engine.

All victims, whose data are compromised, communicated with Yale the university in 1999 and used free services of monitoring of identification and insurance within two years, reported the university in the statement last week.

Unauthorized access to data was established when the FTP server on which data are stored became available to the Google search engine. It became possible after the software giant changed settings of the search system in September of last year, Yale Daily News reported.

Online editions with reference to the statement of CIO of Yale of Len Peters reported that the FTP server containing the compromised information was used generally for materials of public type. In September, 2010 Google made changes which allowed the search system to run for search and to index FTP servers. But then university IT heads did not know about it, Peters told. According to him when in June, 2011 in Yale detected violation of a security system, servers were displaid in a standalone mode, important data are deleted. Verification of presence of the files containing the data similar to that were on the FTP server was carried out.

In the statement for the Computerworld edition, the administration of university does not mention how data were compromised. However, as declares the management of the university, protection of files was provided, and Google confirmed that the search system does not store any information the University of Yale (Yale University)|Yale any more]].

The university does not report how it was succeeded to detect these violations whether someone got data access of university through the system of search of Google. Peters noted that innocent information with names which will hardly matter without knowledge of a context was stored in texts of a campus which are stored in files and the directory which underwent a compromise.

It is already the second case of inadvertent disclosure of confidential data on the Internet which became known to the public within the last two months. In June Southern California Medical-Legal Consultants Inc (SCMLC) reported that names and card numbers of social insurance about 300 thousand people who submitted data with a request for compensation potentially were exposed to a compromise. It also occurred when the internal server of the company on which data are stored began to be processed by the search system.

SCMLC learned about violation of security from the Identity Finder company operating in the field of security. In the statement Identity Finder reported that its analysts detected on the server of SCMLC company available from the Internet, about 4 thousand uncompressed files containing several gigabyte of personal data.

According to the statement of Identity Finder, files were not encoded, are not password-protected, and some were cached by, at least, one large search system. Afterwards the company worked with Google for cache flush of the search system. Today the cache of Google does not contain personal information from the information system SCLMC.