Educational Security Incidents (ESI)

Quick Facts

• Date: 12/15/2008
• Institution: University of North Carolina at Greensboro
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: UNC Greensboro News Release

Abstract
The University of North Carolina at Greensboro is working to alert current and former employees after a detected a security breach on a workstation containing payroll information. The workstation contained the names, Social Security numbers, bank routing information and bank account numbers on an unknown number of individuals. The incident affects anyone that has received a payment from UNCG since April of this year. The breach was discovered after a payroll employee received a virus alert while trying to open a file on the computer. An investigation into the alert uncovered a virus had been on the computer for eight months which could have allowed unauthorized access to the workstation. UNCG has created a web site - fsv.uncg.edu/incident - with more information on the incident.

Quick Facts

• Date: 11/14/2008
• Institution: Rockland Community College
• Type of Incident: Employee Fraud
• Number Affected: 12
• Source: ESI
• Abstract Source: LoHud.com

Abstract
A Rockland Community College student worker has been accused of stealing credit card numbers of former students to purchase high-end clothing costing over $2,200. Ololade Aiyeku, an American citizen from Nigeria, is accused of stealing the credit card information while working in RCC's records office. Police believe Aiyeku gained access to the credit card information of 12 former students' transcript applications by either making copies or stealing them. According to RCC spokeswoman Zipora Reitma students do not normally have access to credit card information. The college plans to look at how this happened and what changes might be made to prevent this type of incident in the future. Spring Valley Police were able to trace a Nordstrom purchase to Aiyeku's apartment where they found numerous receipts and even some notes on purchases. According to Detective David Humested, "He [Aiyeku] was very meticulous with his paperwork." Aiyeku has been charged with 38 felony counts and 31 misdemeanor counts.

Quick Facts

• Date: 10/14/2008
• Institution: Ryerson University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Eyeopener Online

Abstract
Ryerson University is currently investigating how boxes containing sensitive documents could have been left unsecured in empty offices. The boxes, located in Kerr Hall South, contained payroll stubs, student numbers, grades, exams, staff tenure reports, and resumes. The boxes themselves contained labels such as "shred" and "confidential". The offices where the boxes were found were last used by the industrial engineering department in late 2007. According to Heather Driscoll, the university's FIPPA coordinator, it doesn't matter if the university can tell definitively whether or not anyone read the documents. For Driscoll the problem is that the documents were left unsecured in the first place.

Quick Facts

• Date: 10/14/2008
• Institution: Olympic College
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: Pogo Was Right
• Abstract Source: The Olympian of Olympic College

Abstract
Olympic College officials are currently investigating how at least four web sites leaked student information to the Web. The college found out about the incident after a student searched for her name in Google and found a class roster for a computer class the student took in 2007. Initially the blame for the leak was placed on the professors responsible for the web sites. However, according to one professor, these web sites were supposed to be part of an Intranet only accessible to Olympic College individuals. However, Jack Hanson admitted that the half hour training session faculty received on might not have been adequate. According to Hanson "I allowed a design that was too complex and permissions were set wrong and that was the problem".

Abstract

• Date: 10/7/2008
• Institution: University of North Dakota
• Type of Incident: Theft
• Number Affected: 84,000
• Source: ESI
• Abstract Source: Grand Forks Herald

Abstract
The primary software vendor for the University of North Dakota Alumni Association recently alerted the school after a laptop containing UND student information was stolen. The laptop, taken from a vehicle, contained the names, Social Security numbers and credit card information on 84,000 UND alumni. According to Tim O'Keefe, the UND Alumni Association executive vice president, there is minimal chance the data could be accessed. According to an announcement from the Alumni Association, the information was protected by multiple security measures including encryption. However, the Alumni Association is urging those affected to monitor their credit reports for fraudulent activity. To help, affected individuals are being offered one year of credit monitoring for free. The UND Alumni Association has more information on the theft is available here: www.undalumni.org/NetCommunity/Page.aspx?pid=956.