VoIP Tech Chat

Our hero Benjamin Franklin

The University of Florida is in Gainesville — my private information is everywhere.

GAINESVILLE, FLORIDA — For the third time in less than a year, the University of Florida reported a breach exposing personal information. This time, the breach includes the names and social security numbers for more than 90,000 people. In this latest attack, the University announced the hack was executed by an “intruder” and that the University of Florida Police Department was notified.

Ok, at this point, I need to go ahead and just vent. I’m sorry to have a soap box moment… but the Police Department was notified? Yay! Thank God, Buddha, that little idol Bobby found when the Brady’s visited Hawaii, or whatever higher power works for you. I can now sleep soundly knowing that the police department was notified after my information was already out there. Sweet!

If this was the first time this happened, I would be disappointed. I can tell you that without hesitation, because when this actually happened the first time (June 2008), I was disappointed. If this were the second time? Well, when this happened the second time (November 2008), I was annoyed. Now that this has happened the for the third time? Well, honestly I haven’t decided if I’m angry, postal, or just bleeping bleeped off. (Trying to keep this PG rated)

In November, when we reported the breach of 344,000 names, birth dates, social security numbers (and more) from the University, I said simply that I expected “more” from Florida’s flagship University. Now, I demand it.

In June, we spoke of encryption. When you read “lessons learned” from security breaches, you most often hear of the business, institution, or even individual work to strengthen their outside protection while at the same time encrypting sensitive information. Encryption at this point isn’t just a good idea, it’s seriously the least UF can do to demonstrate that they take security seriously. And encryption isn’t the catch all end all here… it’s just a first step that should have been taken months ago.

And let’s think about this another way… Sure, the University as a public institution enjoys a certain degree of civil immunity. However, at what point do we say the University’s handling of Personally Identifiable Information is simply negligent. After the second breach, what actions were done to protect data? (I’m not being sarcastic here, I’m literally asking “Hey, what actions were taken?”)

Now that UF has three strikes, can we get a new batter to the plate? The University of Florida is a large, prosperous institution. Whilst (look I used whilst) the University complains of limited resources and inability to pay professors a decent salary, the University’s President banked $731,811 (in 2008). The football coach makes over $3 million dollars. I bet you that for only $200,000 we can get a great executive to run the University. This first year’s savings of 500k could more than fortify some immediate security needs.

Sadly, there’s no public outrage here. Maybe no-one else was effected, or maybe I’m one of the few who were effected each of these three times. But regardless, I am simply disgusted by my alma mater and think it’s time for us to demand that Florida not only learn from their mistakes, but actually demonstrate how to properly secure information.

Yes, you struck out. You missed three easy pitches. Pitches my friend’s daughter would have knocked into the nose-bleeders — but the good news is that there’s still another inning. The bad news is I’m in the stands and I got a whole box of cracker jacks. I think you hear me knocking…

So c’mon Gators. Let’s pretend this is important and knock it out of the park. My name is Fred and I’m a Gator.

For those of you not familiar with the University of Florida, the opening statement mocks an advertising campaign from Florida a few years back, “The University of Florida is in Gainesville — the Gator Nation is everywhere.” It’s actually a cool ad, available from YouTube.