Educational Security Incidents (ESI)

Quick Facts

• Date: 12/30/2008
• Institution: University of Iowa
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Press-Citizen

Abstract
A former University of Iowa employee has been charged with stealing UI laptops and selling them to the general public. According to the complaint, Charles Martin Reed had stolen and sold five university laptops. Reed was a former employee in the UI Surplus office which is responsible for selling used university equipment to the public. It is not known if these five laptops contained were sanitized before Reed allegedly sold them.

Quick Facts

• Date: 11/14/2008
• Institution: University of Iowa Hospitals and Clinics
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Gazette

Abstract
University of Iowa Hospitals and Clinics announced that eight University Hospitals staff members are facing disciplinary actions after inappropriately accessing confidential patient records. Staff discovered the inappropriate access during a routine review of patient record access. According to hospital CEO Ken Kates the hospital has disclosed the incident and apologized to those affected. According to Kates, the hospital will be "stepping up both our training and the penalties for inappropriately accessing or sharing confidential patient information". One of the staff members involved with this incident has been fired.

Quick Facts

• Date: 9/11/2008
• Institution: University of Iowa
• Type of Incident: Penetration
• Number Affected: 500
• Source: ESI
• Abstract Source: Press-Citizen

Abstract
The University of Iowa began notifying students after a computer containing student information was breached. The computer, belonging to the university's College of Engineering, contained the names and Social Security numbers of 500 students. According to the university, it seems the machine was compromised to be used as storage for copies of music and movies. It does not appear that the files containing student information were accessed during the breach.

Quick Facts

• Date: 5/30/2007
• Institution: University of Iowa
• Type of Incident: Penetration
• Number Affected: 946
• Source: Pogo Was Right
• Abstract Source: Iowa Press-Citizen, Iowa Press-Citizen

Quick Facts
The University of Iowa is alerting 946 current and former Center of Disabilities and Development employees following a recent computer breach. The university discovered that a computer application containing employee information such as dates of birth and Social Security numbers was accessed by an unknown, external individual before March 2008. The university is currently investigating the incident and has alerted the FBI.

Quick Facts

• Date: 3/25/2008
• Institution: University of Iowa
• Type of Incident: Unauthorized Disclosure
• Number Affected: 9
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org News Release

Abstract
SSNBreach.org announced today that it had discovered two files containing protected student information on the University of Iowa's Computer Science Department web site. The files in question contained the names, grades and partial Social Security numbers of nine students enrolled in the university's Summer 2001 22c-112 course. The files, which are dated November 2001 on the server, were removed immediately by the university but remained available through search engine caches through March 2008.