Another day, another major security breach. This time it involves 24,000 past and present employees at the University of Notre Dame. And astonishingly, the data was publicly available on the web for more than three years. It was another case of employee error where a worker inadvertently posted files containing the names, Social Security numbers and zip codes of the employees on a publicly accessible university website.

The data was believed to have been posted on the site in August 2006 and remained there until two months ago when it was discovered and reported to university officials. There is no evidence that the information was inappropriately used, Dennis Brown, Notre Dame's assistant vice president for news and information, told Computerworld.com last week.

The files have been removed and secured. Those affected by the breach have been told about it, and the university has offered to pay for credit card monitoring services. But who's to say if there has been long-term damage? Who knows for sure that the data is not stored on a hacker's system, being sharpened for misuse?

It is just another example of a careless internal problem that created a breach. As much as IT departments are buying all sorts of hack-resistant software, plenty of breaches occur from the inside through carelessness and stupidity. Staff should be fully trained to keep these missteps from happening and those who do make errors should be penalized.

For more on the Notre Dame breach:
- see this Computerworld.com article

Related Articles:
TSA investigates leak of sensitive data
The 10 most terrifying IT debacles of 2009
GAO: DoD loses track of 72,000 combat records
Security breaches are no joke