Security Breach at USC

USC did "the right thing," said Carole Theriault, security consultant with Sophos. The university shut down the compromised online application tool. "The university probably will be more diligent in the future," she noted, adding, though, that holes of this type are nearly impossible to avoid completely.

The list of enterprises and institutions that have experienced major information security breaches continues to grow.
The University of Southern California said it will be contacting about 300,000 people who used an online application form to let them know that their private information might have been compromised.

A prospective student discovered the security hole while using the online application, according to press reports.

He confirmed the privacy problem by attempting to access a group of about 40 files and then reported the problem to online security organization SecurityFocus, which in turn informed the university.

read the rest at: