ORCID Reports Security Incident, Some E-Mail Addresses Exposed
ORCID’s Executive Director, Laurel Haak, has posted about a security incident involving the ORCID web interface that took place for about 16.5 ending yesterday morning U.S. time.
She writes:
Yesterday (February 18) we experienced a security incident with the web interface of the ORCID Registry that affected 46,823 users (~2.5% of ORCID records). ORCID record information marked as private, specifically email address(es), was exposed. No passwords were exposed. Works, funding, and affiliation data were not affected, nor were the ORCID APIs that connect the Registry to external databases. We have no reason to believe that there was any data misuse.
The exposure was limited to the online public view of ORCID records that were accessed during the incident timeframe (21:07 (UTC) 2016-02-17 to 13:35 (UTC) 2016-02-18). We have contacted all users who were directly affected and set up a dedicated email to deal with questions and concerns.
Haak goes on to apologize for the incident and says that ORCID will be posting their Data Security Policy next week for public comment.
Direct to Complete Blog Post
Filed under: Data Files, Funding, News, Patrons and Users, Reports
About Gary Price
Gary Price (gprice@gmail.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com.