Educational Security Incidents (ESI)

Quick Facts

• Date: 11/14/2008
• Institution: University of Iowa Hospitals and Clinics
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Gazette

Abstract
University of Iowa Hospitals and Clinics announced that eight University Hospitals staff members are facing disciplinary actions after inappropriately accessing confidential patient records. Staff discovered the inappropriate access during a routine review of patient record access. According to hospital CEO Ken Kates the hospital has disclosed the incident and apologized to those affected. According to Kates, the hospital will be "stepping up both our training and the penalties for inappropriately accessing or sharing confidential patient information". One of the staff members involved with this incident has been fired.

Quick Facts

• Date: 11/12/2008
• Institution: University of Florida
• Type of Incident: Penetration
• Number Affected: 336,234
• Source: ESI
• Abstract Source: Network World

Abstract
The University of Florida announced that a server containing College of Dentistry patient information was breached by an unknown individual(s). The server contained the names, addresses, birth dates, Social Security numbers of 344,482 patients dating back to 1990. Some of these records did contain dental procedure information. UF discovered the breach on Oct 3rd when staff were performing upgrades on the server. Staff found that an unknown individual(s) had compromised the computer and remotely installed additional software on the server. The server was immediately taken down until staff could strengthen the security controls of the system. UF has mailed out notifications to 336,234 individuals affected by this breach. In the online FAQ, the University of Florida states that the university will not offer any free credit monitoring to the individuals affected by this breach. The university has more information on the incident here - privacy.ufl.edu.

Quick Facts

• Date: 11/11/2008
• Institution: Sinclair Community College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,000
• Source: ESI
• Abstract Source: Associated Press

Abstract
Sinclair Community College announced that it discovered that a file containing employee information was available online. The file, an excel spreadsheet, contained the names and Social Security numbers of about 1,000 employees working at the college between 2000 and 2001. The file was discovered by and employee performing a Web search. According to the college, the file was inadvertently uploaded by an employee and had been available online for almost a year. According to Sinclair President Steven Lee Johnson the college has no reason to believe anyone else accessed the information.

Quick Facts

• Date: 11/10/2008
• Institution: Seoul National University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 4,500
• Source: Pogo Was Right, The Breach Blog
• Abstract Source: The Korea Times

Abstract
The Seoul National University announced that information on a number of students was accidentally leaked to a university web page. An excel file containing the names, mobile phone numbers, military serial numbers and dates of birth of 4,500 students was mistakenly attached to an article giving notice of reserve force training. Staff are currently investigating if this information was accessed.

Quick Facts

• Date: 11/8/2008
• Institution: Texas A&M University - Corpus Christi
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,430
• Source: Pogo Was Right
• Abstract Source: Caller-Times

Abstract
Texas A&M University Corpus Christi will begin notifying applicants after a web site containing personal information was discovered. The web site, discovered by student, contained a document with 2005 application information including 1,430 names and Social Security numbers. University officials immediately removed the documents once they became aware of the incident. The university is working to attempt to discover how long this document was available online. This incident marks the fourth time in two years, including the second time in three months, that TAMUCC student data has been exposed.