A former classmate back in the day messaged me today about Wentworth leaking social security numbers for the public to see and was accessible via google search. I literally typed my full name and social security number into Google and it was the first thing to come up. I was amazed to find out that the college I attended for a couple years ended up having a plain-text csv file on their webservers that contained full names, social security numbers, birth dates, and allergy information on their website. This file ended up being only the freshman class of 2003, yet it still looked to be hundreds of entries from what I saw.
While at Wentworth, I was taking the Computer Networking and Information Systems course, and later dropped out due to lack of interest and the outdated material that was presented during classes. Granted that racked me up with a bunch of debt, but I feel I made the right choice.
Wentworth is one of the top schools for technology related material located in Boston, Massachusetts and I was surprised that this information was there in plain sight.
I have recently checked the original link and it appears to be down, yet Google still retains a cached version that can be found if you have the right search terms. I called Wentworth asking for more information and what could be done about this, yet it appears they are closed. (Nothing much has changed apparently, it was always hell to get a hold of someone within student services.) I will update if they ever call me back…
So, I guess my question is what are the next steps? Should media be notified of this incident, should my SSN be changed? It blows my mind that a technology-driven school such as this could make such a mistake and have this information available to the public masses…. Shouldn’t this be stored in a database somewhere rather than on an external facing site!? This type of stuff makes my jaw drop!