Google’s Index Exposes Over 43,000 Social Security Numbers
When you are the world’s biggest search engine, indexing billions of web pages, you are bound to get things wrong sometimes. And so it is that Google is once again answering questions about a breach in its index that has exposed sensitive data.
It’s not clear how it occurred, but reports are that a Google index change (Google started indexing FTP servers in 2010) resulted in the Social Security Numbers (SSNs) of 43,000 Yale University students being available via search. That’s the bad news.
The good news is that the data doesn’t seem to have been exploited in any way. Whew…that was close. Still, the fact that Yale stored such sensitive data on an unsecured FTP server raises questions about the extent of Google’s culpability. Search engines after all, are not deliberate or malicious in how they index data—they only index data that they are allowed to index.
Data security is one of those hot topics that get tossed around the debating circle without any clear direction. Do search engines have a responsibility to index more selectively? The answer is not one that can be answered given the inherent regulatory remits of online data protection. Jurisdiction also plays a part. European regulators are more disposed to levying fines and tightening the clamps on errant search engines, but North American privacy laws are sometimes not so robust. Proof of this is clearly evident in the fact that since the start of the year (2011), no fewer than 3 U.S. universities have had their students’ data exposed to all and sundry.
Google doesn’t seem ready to hold up its hand and accept blame for this one though. For now, the responsibility for protecting sensitive data rests it seems, with the data user. It may be SSNs today, but it could easily become bank details tomorrow.
Do you think search engines need greater regulation? Share your thoughts with us in the comments below.