[BreachExchange] Directory displays personal information after update

Destry Winant destry at riskbasedsecurity.com
Tue Oct 1 10:16:56 EDT 2019


https://northernstar.info/news/directory-displays-personal-information-after-update/article_fb80c394-e3b1-11e9-8901-9b905e73463f.html

Student cell phone numbers, personal addresses and emails are
available by default through NIU’s directory, after an update last
week.

NIU updated its online directory, making student information available
to those with a university login, but revealing more personal
information behind that wall. The older version of the directory did
not have an authentication barrier, but student email was the only
accessible information.

Students can hide their personal information on the directory through
the following steps:

Go to directory.niu.edu.
Click “Login” on the right side of the screen.
Enter your Z-ID and password.
Once logged in, click “Self-Service” on the left side of the screen.
Click “Modify your profile.”
Login again with your Z-ID and password.
Click “Edit Your Information” to the right of your name.
Click mark the “Hide” option on each attribute listed.
Click “Save Changes.”

Chief Information Officer Matt Parks said he will consider making this
information unavailable by default. He said the process would take
some time, as he has to discuss it through official channels before he
could make the change.

Aziz Zeidieh, senior communication major, said he noticed the change
last Thursday while trying to look up a professor’s email and was
immediately concerned.

“From a social engineering standpoint, you can do a lot of damage with
that data,” he said.

Zeidieh said he logged in and set his information to be hidden, but it
took at least 12 hours for his data to update.

He said he was able to find the information of someone who had left
without graduating NIU three years ago. That person was unable to
login to set their information to hidden since his login was no longer
valid, he said.

Parks said IT is implementing a system for accounts that will prevent
old accounts from staying in the system for long.

For now, students who cannot login but are concerned about their
information can call NIU’s IT at 815-753-8100, 7 a.m. to 10 p.m.
Mondays through Fridays, and request a password reset, Parks said.


More information about the BreachExchange mailing list