Saturday, October 30, 2010


Is there an attorney who can defend us against University of Hawaii data leaks?

by Larry Geller

There’s been another serious breach of student’s personal information at the University of Hawaii. See Saturday’s Star-Advertiser story Privacy protector found UH data dump (10/30/2010).

Then check the website linked below to see if your personal information was compromised. As you know, that could lead to any of the numerous consequences of identity theft.

My name was in the database. What now?

Does anyone know of an attorney working on this issue? If so, for all of us affected, it would be a help. Both federal law (FERPA) and possibly Hawaii law appear to have been violated. Here is the data that was leaked from my records:

The website advises that in addition to names, social security numbers and dates of birth, some or all of the following information was breached for each student:


I notice that UH did not notify me that my name was among those that were breached. I received nothing from them, no email, no snail mail, no phone call.

And as the press release from the National ID Website notes, the University of Hawaii has a history of security breaches:

HONOLULU, Hawaii. The University of Hawaii-Manoa and has breached the personal information of 40,101 students who attended between 1990-1998 and 2001, including names, social security numbers, dates of birth, addresses, demographic, and detailed academic performance data. These UH-Manoa students are at increased risk of identity theft and fraud. The information was posted on an insecure, unencrypted University of Hawaii-West Oahu (UHWO) website for almost a year. Some of the affected alumni attended UHWO. Alumni attending other years and on other campuses may have also been affected by the breach. This latest breach follows on the heels of a May, 2010 breach involving 53,000 students, and a 2009 breach involving 15,487 parents and students. …

I am thinking that it might take a class-action lawsuit to compel UH to provide sufficient education for its personnel and controls on access to personal data. Clearly, they do not have either in place.

The data that was breached was on a faculty member’s home computer. Why was that allowed/condoned? How many other faculty or staff are taking home personal data? Who made the data available to them? Can a faculty member just walk into an administration office and get hold of anyone’s data? Should not the administration be held liable for the data breach, since they handed it over in the first place?

If you have been a UH student, go to the website linked above, put your name in, and see what they might have leaked of your personal data.

The website suggests what you need to be do if your SS number and other info have been leaked. Taking the precautions suggested will cost time, money and mental anguish.

I suggest we consider a way to act together for compensation for the trouble and to prevent future leaks such as these. That will probably involve a knowledgeable attorney.

Your thoughts?


Post a Comment

Requiring those Captcha codes at least temporarily, in the hopes that it quells the flood of comment spam I've been receiving.

<< Home


page is powered by Blogger. Isn't yours?

Newer›  ‹Older