NYU has actually contacted the affected students. I've removed the information from my website - it's served its purpose. Although NYU fell short of accepting responsibility for the incident, their notification does well to inform all involved of the privacy risk suffered due to NYU's publication.
I had previously described the culmination of yesterday's events as "awesome". In fact, it was merely adequate. What would have been awesome is if none of this had happened in the first place. I wonder if I could have done a faster, better, safer job. I'd like to extend my sincere apologies to all involved, and my thanks to those who have offered their support and constructive criticism. Note that I have no malice for NYU or any of its students, and I wish you all the best of luck going forward.
It's been insinuated that I unlawfully gained access to NYU's computer systems in order to download the list of student information. That's simply not true - the documents were out in the open on NYU's public website and could be found easily through a simple web search. You don't need to take my word for it either: you can check for yourself by entering "nyu.edu vball bowling" (without the quotes) into the search form at teoma.com. As of today, NYU's site is still the first search result and Teoma is still showing excerpts of NYU's site complete with phone and social security numbers.
NYU also claims that it was never contacted regarding the information on its website. Even assuming my message to NYU in early December was lost or misdirected, it's difficult to imagine how NYU would not have received many other complaints about its site. After all, the student information appears to have been on NYU's public website for almost two years and was appearing on web searches for at least the later part of that time period. I can't think of any reason why the information would have stayed on NYU's public site for such a long time except that NYU was ignoring complaints about it.
A friend of mine found something alarming while searching for his sister's name on the search site at teoma.com. Teoma is a public search site similar to Google or MSN Search. It appeared that NYU had published personal information about his sister along with a large number of other student names, telephone numbers, and what might be SSN/TIN's on NYU's public website at http://www.nyu.edu/classes/mia/public_html/cgi-bin/data/indidetails.txt. Judging by the range of dates on entires in this file, it was likely present on NYU's web site for almost 2 years from January of 2002 until December of 2003.
On December 5, I took a copy of NYU's site for my personal mirror collection, so I would have my own proof of what was there in case NYU claimed that page never existed. Sometime thereafter, NYU quietly removed the document from their public site without making any notification to the affected students. At almost midnight on December 25, 2003, Jane DelFavero, Network Security Manager at NYU, sent me a message asking that I remove the mirror from my website. I had planned a prompt reply declining her request but got sidetracked with holiday celebration and other personal tasks. Leona Chamberlin, Associate General Counsel at NYU, eventually followed up on January 7, 2004 in a message citing the California Civil Code and referencing a similar threatening letter sent via UPS overnight both alluding to the necessity of legal action should I not remove the mirror. I eventually sent this reply to Ms. DelFavero's original message, copying all involved.
I was also contacted by Orrie Sion, a student who was affected by NYU's disclosure. Orrie expressed genunie concern that the information NYU published would be misused. Orrie's message is the reason for this new site which shall take the place of the original mirror.
The file published by NYU contained a field titled "Phone" and another titled "SS#". Correspondence with NYU indicates that SS# may be the student's social security number or a student identification number which is usually the same as the student's social security number. The numbers are provided here so that a person searching for their number will discover this page and along with it, NYU's wrongdoing. A person on the list of names above who believes that NYU published their number(s) can search for them in the list below to confirm.
Many students were wise and left one or both of these fields blank. For the benefit of those who did not, these numbers are sorted in numeric order to prevent them from being related to the above names and reduce the risk of misuse by unscrupulous persons. Because some students disclosed their information to NYU multiple times on different dates and NYU published each record individually, the sorted list of numbers has duplicates removed to prevent correlation.
The original file from NYU's website had fields for Sport, School, Availability, and another field called "All The Rest" which seemed to contain information about gender, sports, and enrollment type. That information is not reproduced here, as it is unlikely to help anyone find this page. If you're curious what NYU had about you in those fields, please email me at brianr-nyuquestions@osiris.978.org. For your privacy benefit, I will send the information only to the email address or telephone number listed for you in the file originally published by NYU.
Previously a list of affected names and email addresses. A sampling is available to journalists with the caveat that it be used only for contacting interview candidates.
Previously a list of telephone numbers, without names, sorted numericly. No longer available.
Previously a list of social security numbers, without names, sorted numericly. No longer available.
