Educational Security Incidents (ESI) - Sometimes the free flow of information is unintentional

Email Attachment Contains Suffolk Student Social Security Number

Adam Dodge — Sun, 04 Oct 2009 19:53:52 -0500

Quick Facts

Date: 10/4/2009
Institution: Suffolk Community College
Type of Incident: Unauthorized Disclosure
Number Affected: 300
Source: ESI
Abstract Source: Newsday.com

Abstract
Suffolk Community College is offering credit monitoring after an email attachment containing Social Security numbers was accidentally sent out. The email contained an attachment with the names and Social Security numbers of 300 students. The mistake was discovered a day later and officials took action. The email server was shut down and the message was removed from accounts. In a second letter to the affected students, the college included instructions on how to take advantage of the credit monitoring.

[Update1]Server Containing UNC-Chapel Hill Study Breached

Adam Dodge — Thu, 24 Sep 2009 19:20:28 -0500

Quick Facts

Date: 9/24/2009
Institution: University of North Carolina - Chapel Hill
Type of Incident: Penetration
Number Affected: 160,000 [Updated]
Source: DataBreaches.net
Abstract Source: News-Record.com
Update1 Source: NewsObserver.com

Abstract
The University of North Carolina at Chapel Hill is working to notify thousands of women after a breach of a server containing a medical study was discovered. The server, one of two involved in a 14-year project analyzing mammography results, contained data on 236,000 women including 163,000 Social Security numbers. The breach was detected in July and UNC-Chapel Hill officials hired an outside forensic firm to help investigate the breach. After two months, the University still does not know who is responsible for the breach of if the data on the server was downloaded. According to the chairman of the UNC-CH Department of Radiology Matthew Mauro, the breach have been as much as two years old. The breach has caused the UNC-CH Medial School to reevaluate all computer security measure. The University held off notification letters until the investigation was completed and will soon begin notifying all those affected.

Update1
The recent security breach at UNC-CH was less severe then first thought. According to officials, the files accessed contained information on 160,000 women including 114,000 Social Security numbers. The University has setup a hotline - 877-434-3065 - to help answer questions about the breach and the investigation.

EKU Social Security Numbers Online For A Year

Adam Dodge — Thu, 24 Sep 2009 19:08:06 -0500

Quick Facts

Date: 9/24/2009
Institution: Eastern Kentucky University
Type of Incident: Unauthorized Disclosure
Number Affected: 5,045
Source: DataBreaches.net
Abstract Source: Kentucky.com

Abstract
Eastern Kentucky University recently notified faculty, staff and student workers after a file containing Social Security Numbers was found online. The file, accidentally placed online in September 2008, contained the names and Social Security Numbers of 5,045 individuals on the EKU payroll in 2007-2008. According to EKU President Doug Withlock, the file could only be found by accessing the exact file name or by those that conducted a precise Google search. EKU has setup a web site - www.ecert.eku.edu - and a hotline - 859-622-7777 - to help answer questions about the incident.

Security Breach at University of Florida

Adam Dodge — Mon, 14 Sep 2009 06:43:54 -0500

Quick Facts

Date: 9/14/2009
Institution: University of Florida
Type of Incident: Unauthorized Disclosure
Number Affected: 34
Source: DataBreaches.net
Abstract Source: University of Florida News

Abstract
The University of Florida announced a recently discovered security breach of personal information. The breach involved a file containing the 34 names and 25 Social Security numbers of trainers working with the Florida Traffic and Bicycle Safety Education program in 2006. The file the unsecured file was removed as soon as it was discovered by university techs during a routine security check. While the file was last modified in 2006, the university believes that the risk to personal information is low. The university has setup a web site - privacy.ufl.edu/ - and hotline - 877-657-9133 - to help answer questions about the incident.

University of Vermont Announces Credit Card Breach

Adam Dodge — Wed, 02 Sep 2009 07:03:15 -0500

Quick Facts

Date: 9/2/2009
Institution: University of Vermont
Type of Incident: Unknown
Number Affected: N/A
Source: ESI
Abstract Source: Consumer Loan Wire

Abstract
The University of Vermont recently announced that a number of university credit cards have been compromised. According to the university, up to 242 university-funded credit cards have been used for fraudulent activities. The university was notified of the compromise by the issuing bank. At this point, the university is not certain how the credit cards became compromised.

Theft Affects BCTC Students

Adam Dodge — Mon, 31 Aug 2009 06:52:04 -0500

Quick Facts

Date: 8/31/2009
Institution: Bluegrass Community and Technical College
Type of Incident: Theft
Number Affected: 100 or less
Source: DataBreaches.net
Abstract Source: WTVQ

Abstract
Bluegrass Community and Technical College recently announced that student information was college from the college. According to college officials, the theft affected less then 100 students and involved personal information and Social Security numbers. At this point, there is very little information available about this incident.

UMass Computer Breach Exposes 20 Years Of Personal Data

Adam Dodge — Fri, 21 Aug 2009 22:04:56 -0500

Quick Facts

Date: 8/21/2009
Institution: University of Massachusetts Amherst
Type of Incident: Penetration
Number Affected: Unknown
Source: ESI
Abstract Source: Telegram.com

Abstract
The University of Massachusetts Amherst recently announced the breach of a computer containing 20 years worth of student information. The breach, which occurred between September 15 and October 27 oflast year, involved a single sever contain the names, Social Security numbers and a limited amount of credit card information on students that attended UMass between 1982 and 2002. While the university is not releasing the exact number affected, the breach does affect a large number of former graduate and undergraduate students. According to the university, while UMass was aware of the incident last fall, notification was delayed to allow for a full investigation. The university has placed a notice on its web site - www.umass.edu/computerintrusion/legal.html - with more information for those affected by the incident.

File Sharing Program on BU ROTC Computer Exposes Personal Information

Adam Dodge — Thu, 20 Aug 2009 20:51:47 -0500

Quick Facts

Date: 8/20/2009
Institution: Boston University
Type of Incident: Unauthorized Disclosure
Number Affected: 6,675
Source: OSF DataLoss DB
Abstract Source: Boston University News Release (DataLoss DB archive)

Abstract
Boston University is notifying several thousand students after personal information was found online. The files, belonging to the university ROTC program, contained the names and Social Security numbers of 6,675 individuals. According to the university, 406 of the individuals were BU students and the rest most likely belong to individuals involved with ROTC programs around the country. The files were accidentally released to the public in September 2008 after a file sharing program was installed on the computer without the consent of the university. The university worked quickly to remove the computer from the network once notified of the program. Boston University is offering free credit monitoring to all affected individuals.

Massive Computer Theft Raises Identity Theft Concerns at CSULA

Adam Dodge — Tue, 18 Aug 2009 21:03:02 -0500

Quick Facts

Date: 8/18/2009
Institution: California State University, Los Angeles
Type of Incident: Theft
Number Affected: 600
Source: OSF DataLoss DB
Abstract Source: ABC

Abstract
California State University, Los Angeles is investigating a rash of computer thefts that contained the names and Social Security numbers of students and staff. The two computers and 12 laptops were found to contain the names, addresses and Social Security number of more then 600 CSULA individuals. According to the university, the students affected no longer attend the university. CSULA has setup a hotline - (800) 883-4029 - to help answer any questions students and staff have about the thefts.

Stolen NKU Laptop Contains Current, Former Student Information

Adam Dodge — Sat, 15 Aug 2009 20:16:41 -0500

Quick Facts

Date: 8/15/2009
Institution: Northern Kentucky University
Type of Incident: Theft
Number Affected: 200
Source: DataBreaches.net
Abstract Source: NKY.com

Abstract
Northern Kentucky University is notifying current and former students after a laptop was stolen from a secured location on campus. Using a recent backup, the university was able to discover the laptop contained the names and Social Security numbers of 200 students. The university is advising students to place fraud alerts on their credit reports. While the university does not think that the information was what the thief was after, it will help help student that find themselves a victim of identity theft due to the theft.