Hacked uni’s admins hand ID theft prevention reward to data burglars
I wish this was an April Fools’ Day prank, but it’s not. Alexander J. Martin reports that Bradley University’s response to their recent breach may just have made things worse for their employees. Keep in mind as you read the following that the breach involved Social Security numbers:
The private institution then attempted to mitigate the fallout from a data breach by offering a free LifeLock subscription to those whose information may have been compromised.
Unfortunately, the university has not developed any security protocols further than users being able to construct their member ID from their surname plus the last 4 digits of their SSN (e.g. MARTIN1234), exactly the type of private details which had just been stolen by the data burglars.
Should the criminals manage to use the identity protection system (intended to detect fraudulent applications) to manage the proceeds of heists, it could net them stalker privileges or even allow full-on identity theft.
Read more on The Register.