A file transfer program was installed where it shouldn’t have been: on a server in the Army Reserve Officers’ Training Corps at Boston University. The program made visible in the public domain thousands of affiliated individuals’ personal information, including social security numbers and some birth dates.
The breach was identified on July 28th, at which time university officials say the affected computer was taken offline. The U.S. Army Cadet Command is collaborating with university officials to notify all 6,675 affected people. Only 406 of them were affiliated with Boston University; officials believe the rest of the individuals’ records came from ROTC offices throughout the country.
An investigation conducted shows that the information has been visible since last September, when an ROTC member mistakenly installed the software without approval from the university. The breach wasn’t discovered by the university, but by someone searching the web for something else.
Comments