my school sends....
sensitive data in clear text. how great is that?
I got an email yesterday from my school with my full name and social. pretty much enough information to go get me a couple new credit cards.
they sent it after i submitted it on their website on some student loan form.
maybe i should call their it department on that one...
I got an email yesterday from my school with my full name and social. pretty much enough information to go get me a couple new credit cards.
they sent it after i submitted it on their website on some student loan form.
maybe i should call their it department on that one...
Fantastic. The project manager is inspired.
In Progress: 70-640, 70-685
In Progress: 70-640, 70-685
Comments
-
hypnotoad Banned Posts: 915While I don't think it violates FERPA or HIPAA, I think it is pretty crappy of them. Especially the way email gets processed and archived by a lot of servers.
Hopefully it is an easy fix for the programmer to pull out the social or at least mask part of the social and not email it back to you... -
undomiel Member Posts: 2,818It would be a very easy fix for any programmer as long as they actually have access to the source code. I've noticed lots of lazy programming on the web though. Forcing people to enter data the way THEY want it instead of parsing the data into the form that they want for instance.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□It shouldn't be included at all. You know what it is. Why are they sending it to you? It irks me when places that have sensitive information like that get careless with it. Identity theft is a huge PITA to deal with.
-
Darthn3ss Member Posts: 1,096well it looks like its a confirmation for selecting the lender for my student loan.Fantastic. The project manager is inspired.
In Progress: 70-640, 70-685 -
JDMurray Admin Posts: 13,089 AdminI once received a password-protected PDF contract from a large financial institution involving a student loan. The password of the PDF was my SSN. I guess someone figured that'd be a great way to make sure that only people who knew my SSN could view the PDF. What that someone didn't know is that it takes only a few seconds to crack a PDF file protected using a nine-digit password. I hit the ceiling, sent a scathing email, and never received a live response. I wonder if they are still doing that and, if so, why no one has bothered to alert their CSO.
-
cgrimaldo Member Posts: 439 ■■■■□□□□□□JDMurray wrote:I once received a password-protected PDF contract from a large financial institution involving a student loan. The password of the PDF was my SSN. I guess someone figured that'd be a great way to make sure that only people who knew my SSN could view the PDF. What that someone didn't know is that it takes only a few seconds to crack a PDF file protected using a nine-digit password. I hit the ceiling, sent a scathing email, and never received a live response. I wonder if they are still doing that and, if so, why no one has bothered to alert their CSO.
My lenders for school do that currently. I cringe every time I receive another email from them. -
astorrs Member Posts: 3,139 ■■■■■■□□□□cgrimaldo wrote:JDMurray wrote:I once received a password-protected PDF contract from a large financial institution involving a student loan. The password of the PDF was my SSN. I guess someone figured that'd be a great way to make sure that only people who knew my SSN could view the PDF. What that someone didn't know is that it takes only a few seconds to crack a PDF file protected using a nine-digit password. I hit the ceiling, sent a scathing email, and never received a live response. I wonder if they are still doing that and, if so, why no one has bothered to alert their CSO.
My lenders for school do that currently. I cringe every time I receive another email from them.