From: Proofpoint Alerts <do-not-reply@protect.proofpoint.com>
Subject: Exposed sensitive Stanford data -- action needed
-------------------------------------------------------
Dear Mike,
As part of Stanford’s File Storage Security Program, our automated file scanning tool identified a file of yours that is broadly exposed and appears to contain sensitive data. Please be aware that sensitive data are often embedded in documents and are not readily apparent. At your earliest convenience, please examine the file sharing settings and remove any unnecessary permissions, then reply to let us know what action you took.
You can find instructions and guidance for safely sharing files at uit.stanford.edu/security/filestorage. Be sure to share with the minimum number of individuals necessary, and only use public sharing or a “shareable link” when the file is truly intended for public access.
File storage system: Google Drive
File: Sample File Name
To locate the file, search for the file name in the indicated storage system.
Please direct any questions to your local IT support team or submit a help request at services.stanford.edu.
Background
The File Storage Security Program is a high-profile, university-wide initiative sponsored by the CIO Council. The program was established in late 2017 in response to a series of privacy incidents that brought the problem of misconfigured file permissions to the University’s attention. The program is progressing under advisement by the Board of Trustees, Provost Drell, the Privacy Governance Council, and the pertinent Faculty Senate Committees (C-Res and C-ACIS). The program is managed by Mike Takahashi (mtak@stanford.edu).
You can learn more about the File Storage Security Program at filestoragesecurity.stanford.edu. The service page is at uit.stanford.edu/security/filestorage. And you can contact the File Storage Security Working Group via email at file-security-wg@lists.stanford.edu.
Warmest regards,
File Storage Security Working Group
