my school sends....

Darthn3ss

sensitive data in clear text. how great is that?

I got an email yesterday from my school with my full name and social. pretty much enough information to go get me a couple new credit cards.

they sent it after i submitted it on their website on some student loan form.

maybe i should call their it department on that one...

hypnotoad

While I don't think it violates FERPA or HIPAA, I think it is pretty crappy of them. Especially the way email gets processed and archived by a lot of servers.

Hopefully it is an easy fix for the programmer to pull out the social or at least mask part of the social and not email it back to you...

undomiel

It would be a very easy fix for any programmer as long as they actually have access to the source code. I've noticed lots of lazy programming on the web though. Forcing people to enter data the way THEY want it instead of parsing the data into the form that they want for instance.

dynamik

It shouldn't be included at all. You know what it is. Why are they sending it to you? It irks me when places that have sensitive information like that get careless with it. Identity theft is a huge PITA to deal with.

Darthn3ss

well it looks like its a confirmation for selecting the lender for my student loan.

JDMurray

I once received a password-protected PDF contract from a large financial institution involving a student loan. The password of the PDF was my SSN. I guess someone figured that'd be a great way to make sure that only people who knew my SSN could view the PDF. What that someone didn't know is that it takes only a few seconds to crack a PDF file protected using a nine-digit password. I hit the ceiling, sent a scathing email, and never received a live response. I wonder if they are still doing that and, if so, why no one has bothered to alert their CSO.

cgrimaldo

JDMurray wrote:

I once received a password-protected PDF contract from a large financial institution involving a student loan. The password of the PDF was my SSN. I guess someone figured that'd be a great way to make sure that only people who knew my SSN could view the PDF. What that someone didn't know is that it takes only a few seconds to crack a PDF file protected using a nine-digit password. I hit the ceiling, sent a scathing email, and never received a live response. I wonder if they are still doing that and, if so, why no one has bothered to alert their CSO.

My lenders for school do that currently. I cringe every time I receive another email from them.

Mmartin_47

This is why security will always be a hot topic...

astorrs

cgrimaldo wrote:

JDMurray wrote:

I once received a password-protected PDF contract from a large financial institution involving a student loan. The password of the PDF was my SSN. I guess someone figured that'd be a great way to make sure that only people who knew my SSN could view the PDF. What that someone didn't know is that it takes only a few seconds to crack a PDF file protected using a nine-digit password. I hit the ceiling, sent a scathing email, and never received a live response. I wonder if they are still doing that and, if so, why no one has bothered to alert their CSO.

My lenders for school do that currently. I cringe every time I receive another email from them.

I would be irate like JD, that is totally inexcusable in today's world. Ridiculous.