About a month ago I posted about breaches at educational institutions, and suggested that rectifying the problem could start by simply not hoarding PII (personally identifiable information) unnecessarily.

Today I read about this breach at Northwestern University (not the first data breach for them) where social security numbers of 4,000 individuals may have been compromised, including all those who attended a certain program from 1991 to 2007.

Why oh why would the university need to keep SSNs of people who went there in 1991?! Surely there are some other ways of identifying those individuals. Why take such unnecessary risk?

Like a Greek tragedy unfolding, you know that the SSN appearing in the first scene will be breached in the end. Tragic, but in this case entirely avoidable.