Mistakes in setting up popular office software have sent information about millions of Americans spilling onto the Internet, including Social Security numbers of college students, the names of children in Texas and the ID numbers of intelligence officials who visited a port facility in Maryland.
The security problem, researchers say, has affected many hundreds of servers running popular Oracle software, exposing a peculiar melange of data to possible collection by hackers. Most of the institutions affected have been universities or government agencies, though they hold a wide range of information on individuals and private companies.
The UCLA Health system, for example, had communications records — including doctors’s names, e-mail addresses and phone numbers — visible online. The Pentagon’s Defense Information Systems Agency, which maintains secure military networks, exposed a contracting database appearing to show $164 million in purchases. Two Texas state agencies failed to protect the personal details of people receiving government services.
This was not the work of sophisticated Russian hackers or Chinese cyber-warriors, who typically get blamed for problems in computer networks. Instead, researchers are pointing to humble system administrators for making routine errors that left the data unsecured.