Student Journalist Punished by University After Reporting On Its Data Spill: Western Oregon University student journalist Blair Loving found a list of prospective students' names, grade point averages, test scores, Social Security numbers, and other data exposed on a public university server last June, and promptly did the right thing: he told the university, then reported the leak in the campus newspaper, the Western Oregon Journal.

We all know what's supposed to happen next: the college warns the people that it exposed, offers to pay for credit monitoring services, and issues a public apology for its incompetence.

Except in this case, someone in charge at Western Oregon University apparently learned data breach best practices from Richard Nixon. The college conducted a nighttime search of the college newspaper's office, initiated disciplinary proceedings against Loving, and fired the school's longtime journalism adviser,' Susan Wickstrom. From the Student Press Law Center:

Two months after the university's investigation into the breach, university officials informed Wickstrom that her contract would not be renewed. In a letter addressed to Wickstrom, (Vice President for Student Affairs Gary Dukes) cited her failure to remind students of computer policies and mishandling of the disc that contained the information as reasons for her dismissal. The letter said that she left the disc in her unlocked office and later allowed it to be taken off campus.

Loving was found in violation of the university's policy regarding computer use, which prohibits 'accessing clearly confidential files that may be inadvertently publicly readable.' After a disciplinary hearing on Sept. 28, Loving told The Oregonian that he would not be expelled, but he has to publish an article in the Journal about the importance of computer policies and create a proposal to help students understand the computer policy.

There's more from the Oregonian.

No action was apparently taken against the person responsible for the data spill, which Dukes blamed on a 'mechanics issue' -- the lamest dodge since 'the dog ate my homework' or 'my internet was spoofed.'

(Read Original Article - Via Threat Level.)