Remember that April breach report from Seattle University involving incorrectly set permissions in some folders in the university’s Microsoft Exchange folder system? Well, it turns out that wasn’t their only problem with folder permissions.
On July 17, Seattle University’s external counsel notified the New Hampshire Attorney General’s Office that on May 25, the university became aware that due to incorrect permissions on an internal drive, anyone with a Seattle University computer account could view scanned checks stored on one of the internal drives. The information included scanned images of personal checks from donors to the university with their names, routing, and account numbers (I would also presume for that some of them, addresses would also be imprinted on the checks, but the letter is silent on the issue of addresses — Dissent).
The university informed the NH Attorney General that it had no evidence of misuse or attempted misuse of the information. Affected residents (nine in New Hampshire) were advised to remain vigilant, but were not offered any free services.