Sports

Star Wide Receiver Cooper Barkate, 7 Other Harvard Football Players Enter Transfer Portal

News

Cambridge City Council Takes First Step Toward Eliminating Broker Fees

News

Beth Israel Medical Center Residents and Physicians File for Unionization

News

As Students Denied Refunds, Blame Game Begins Over Harvard-Yale Pregame Debacle

News

Man Arrested for Secret Sexual Surveillance at Harvard’s Hemenway Gym

Roberts Winters at Cambridge City Council Candidate Forum

News

Cambridge Residents Slam Reappointment of Inflammatory Blogger to City Committee

News

Social Science Dean Lawrence Bobo To Take Unexpected Leave in Spring Semester

Tracking the Digital Trail

Amidst audit to protect sensitive information, Harvard faces data security challenge

By Joshua P. Rogers, Crimson Staff Writer June 9, 2005

Students who work with HASCS as User Assistants (UAs) also have the ability to match ID numbers with student names in moments.

Recognizing the risk of this capability, HASCS requires UAs to sign an agreement with the General Counsel’s office promising not to share this information or use it improperly.

And the ID numbers of all residents of Mather House in the Class of 2007 were accidentally posted along with room and mailbox assignments to the House open list in August 2004.

A number of Harvard online applications continue to require no more than an ID number and a birthday or name to access.

For example, anyone with access to an ethernet jack or within a wireless network on campus can delete or register a Harvard network connection with only an individual’s ID and last name. This could permit someone to illegally share files which would be traceable to another person’s IP address.

Additionally, any user can download or post resumés, or accept or decline interviews, on another user’s eRecruiting account, provided one can obtain a Harvard ID and birthday.

The latter of which is listed for all undergraduates on the College’s online facebook at facebook.fas.harvard.edu, and is more widely accessible via websites like anybirthday.com.

Websites like Lexis-Nexis and Accurint also provide individuals’ social security numbers. Using a Harvard ID and the last four digits of a student’s social security number, it is possible to activate mail forwarding, which will send all campus mail to a different physical address.

Faculty and teaching fellows regularly post grades in spreadsheets listed by ID numbers, and this year all 311 students in Psychology 1, “Introduction to Psychology” had their ID numbers released during the fall semester.

And at least two pizza delivery services listed on the cash.harvard.edu website will allow students to order food using Crimson Cash by reading an ID number over the phone and did not ask for ID or name verification upon delivery when The Crimson placed an order.

With nothing more than a single ID number, anyone can spend others’ Crimson Cash.

Steen acknowledges that students with Crimson Cash balances are at much higher risk when their ID numbers are displayed.

“Originally you were supposed to use your card with the Crimson Cash and you needed to have it in your possession,” Steen says. “But you can lose your money and it’s of concern.”

According to Jami M. Snyder, communications coordinator for HUDS, vendors who accept Crimson Cash are supposed to physically swipe ID cards that are used for transactions.

“Those who fail to do so are liable for any fraudulent charges and would be charged accordingly,” Snyder writes in an e-mail. “Customers are urged to monitor their accounts closely, and to report any suspicious charges immediately.”