Msg#: 4386916 posted 10:16 pm on Nov 14, 2011 (gmt 0)
My daughter's high school recently posted the results of their standardized tests that included the kids' SSNs. It was detected within a few hours but the page was viewed 60 times by 44 different IP addresses.
I asked the school board for the list and most of them were local but 10 or so were either non-US or from university networks.
I'm looking for advice or guidance on how I can gather more information about the hosts, the domains on them, who owns them and any other data that may assist with assessing the severity of the exposure.
Msg#: 4386916 posted 12:35 am on Nov 15, 2011 (gmt 0)
Already used whois to narrow it down to 10. . . Example. . . .
Is there any way to find out what's on the IP Address below?
NetRange: 126.96.36.199 - 188.8.131.52
CIDR: 184.108.40.206/8
OriginAS:
NetName: 95-RIPE
NetHandle: NET-95-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at [ripe.net...]
RegDate: 2007-07-30
Updated: 2009-05-18
Ref: [whois.arin.net...]
Msg#: 4386916 posted 2:23 am on Nov 15, 2011 (gmt 0)
I assume that anyone who has access to the more restricted information sources-- the ones you have to pay for-- will contact you individually.
Two other thoughts:
Any possibility of interesting either law enforcement or the Social Security Administration? They claim to get very worked up about stolen SSNs. And you can get a ### of a lot more information if you can wave a subpoena around.
If you're down to ten unknowns-- assuming for the sake of discussion that all the local viewers are law-abiding, trustworthy people who would never ever misuse accidentally obtained information-- how much further can you get with ordinary human legwork? "My uncle's on vacation in Poland and I know he was really eager to see the results" and "I've applied to Bzzt University and told them when and where my results would be posted" and so on.
Msg#: 4386916 posted 8:42 am on Nov 15, 2011 (gmt 0)
I think the school system has investigated those options. The servers were not hacked so there's no crime committed (other than carelessness). Not sure about the Social Security Admin but will find out.