Monday, June 26, 2006

School Blames Google for Student Information Leak

Via JournalNow.com -

HICKORY -- Catawba County Schools took aim at Google Friday.

The system filed an injunction against the Internet search engine.

The temporary injunction, granted by the Honorable Richard D. Boner, calls for Google to remove any information pertaining to Catawba County Schools Board of Education from its server and index and alleges conversion and trespass against the corporation.
In short, schools say Google grabbed information they shouldn’t have.
Google says they are wrong.

Either way, the names, Social Security numbers and test scores of 619 students were still bouncing around the Web for people with computers to find and read until late Friday, when the page was apparently removed.

Catawba County Schools chief technology officer Judith Ray said her department removed the file from its storage server Friday. They are also working to delete any other electronic files that may contain Social Security numbers or other secure student information.

The information was stored in the system’s DocuShare server, which required a username and password to access, Ray said.

“One of the students on the list had a presence on the Web,” she said. “In Google’s effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username.”

She’s right, Barry Schnitt, Google spokesman, said. “If there is a password, we cannot access or cache the site,” Schnitt said.

While the argument between the school system and Google continues, parents are voicing their own frustrations.

The central office received more than 50 calls from concerned parents and relatives Friday, said public information officer Beverly Lampe. One parent shared with Lampe that her daughter has been a victim of identity theft within the last year. The young woman’s name is on the list of 619 students.

Letters were mailed Friday to the parents of students whose name and information is floating on the Internet, alerting them to the situation.

Markley said information for parents is also available on the school system’s Web site.
“We have very secure systems here,” Markley said. “There are other private businesses and companies that don’t, so parents should be watching those as well.”

On the Net:

www.catawba.k12.nc.us


------------------------------------------

So the school most likely screwed up and now they want to point the finger at an automatic bot that searches the internet? Given, Google is pretty damn good at what is does....but it only grabs what it can see.

A simple robot.txt file would fix it.

So the school system's computers are so secure that they didn't have a robot file that disallows searching by bots???

Ummm yeah...

I have a better idea, if you don't want the information on the internet...don't put it on a internet facing computers. Period.

So it was password protected? Was it using SSL? Or could I have just grabbed the password via a simple MITM attack?

Companies are getting lazy with our personal information and I am getting sick of it...seriously.

No comments:

Post a Comment