Educational Security Incidents (ESI)

Quick Facts

• Date: 5/30/2008
• Institution: New Hampshire Technical Institute
• Type of Incident: Loss
• Number Affected: 128
• Source: Pogo Was Right
• Abstract Source: New Hampshire Attorney General Office [pdf]

Abstract
The New Hampshire Technical Institute is working to alert former nursing program students after a USB flash drive was discovered missing. NHTI launched an investigation into the missing flash drive and was unable to determine whether or not the drive contained student information. According to the letter to the New Hampshire Attorney General, the missing drive may contain the names, addresses, phone numbers, e-mail addresses, and Social Security numbers of 128 nursing program graduates from the classes of 2006 and 2007. NHTI is offering 12 months of free credit monitoring to the affected students.

Quick Facts

• Date: 5/30/2007
• Institution: University of Iowa
• Type of Incident: Penetration
• Number Affected: 946
• Source: Pogo Was Right
• Abstract Source: Iowa Press-Citizen, Iowa Press-Citizen

Quick Facts
The University of Iowa is alerting 946 current and former Center of Disabilities and Development employees following a recent computer breach. The university discovered that a computer application containing employee information such as dates of birth and Social Security numbers was accessed by an unknown, external individual before March 2008. The university is currently investigating the incident and has alerted the FBI.

Quick Facts

• Date: 5/29/2008
• Institution: University of California, San Francisco
• Type of Incident: Penetration
• Number Affected: 3,569
• Source: Attrition.org
• Abstract Source: UCSF News Office

Abstract
The University of California, San Francisco is currently alerting a number of patients that their information may have been accessed by an unknown individual. In January 2008, UCSF noticed odd traffic coming from a computer in January and an investigation turned up that an unknown individual installed an unauthorized file sharing program on the computer. This computer also contained the names, Social Security numbers, dates of pathology service and health information of 2,625 UCSF patients and 944 patients whose tissue samples were used by the department. While there is no evidence the patient files were accessed, UCSF takes this incident and patient confidentiality very seriously. The university has created a hotline - 415-353-7427 - and e-mail address - PathHotline@ucsf.edu - to help answer any questions affected individuals might have.

Quick Facts

• Date: 5/27/2008
• Institution: Oklahoma State University, Stillwater
• Type of Incident: Unauthorized Disclosure
• Number Affected: 3
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org Media Release

Abstract
The Liberty Coalition recently notified Oklahoma State University, Stillwater that student information was available through a university web site. The web site, which belonged to the university's Vietnamese American Student Association (VASA), contained an excel file with the campus addresses, names and Social Security numbers of three students. This file had been online for six years and the students affected had received reimbursement for expenses related to a VASA tournament held in March 2002.

Quick Facts

• Date: 5/22/2008
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 290
• Source: Pogo Was Right
• Abstract Source: NTV

Abstract
The University of Nebraska-Lincoln recently announced that it discovered that student information was available through a university web site. The site, which belonged to a math professor, had the names and Social Security numbers of 290 (66 full SSNs and 224 partial SSNs) students dating back to 2000. According to the university, the professor was using them to student identifiers, a practice UNL moved away from last year. According to UNL Vice Chancellor Chris Jackson, the professor, Steven Dunbar, was not aware that the information would be so readily available.