Educational Security Incidents (ESI)

Quick Facts

• Date: 8/30/2008
• Institution: Rochester Institute of Technology - National Technical Institute for the Deaf
• Type of Incident: Theft
• Number Affected: 13,800
• Source: Attrition.org
• Abstract Source: WHAM

Abstract
Rochester Institute of Technology began notifying individuals associated with the National Technical Institute for the Deaf after a laptop containing personal information was discovered missing on August 25. According to RIT officials, the laptop contained the names, birth dates and Social Security numbers of the 12,700 individuals that had enrolled in the NTID since 1968. In addition, 1,100 members of the RIT community are affected by the theft as well. RIT officials are working with the Monroe County Sheriff's Department and urge affected individuals to place fraud alerts on their credit files. RIT has setup a hotline - 866-624-8330 - and web site - www.rit.edu/news/?v=46283 - to help answer additional questions about the theft.

Quick Facts

• Date: 8/27/2008
• Institution: Kansas State University
• Type of Incident: Theft
• Number Affected: 86
• Source: ESI
• Abstract Source: KTKA

Abstract
Kansas State University's Division of Continuing Education is notifying students that papers stolen from a parked car contained their personal information. The papers, stolen out of a professor's parked car, contained the names and Social Security numbers of 86 students that had taken Res 200 between Fall 2007 and Summer 2008. K-State is in the process of phasing out Social Security numbers and recently implemented a new student system which no longer uses Social Security numbers as student IDs. The university also plans to launch an education and awareness campaign for faculty and staff on protecting student information.

Quick Facts

• Date: 8/24/2008
• Institution: Khalsa College
• Type of Incident: Penetration
• Number Affected: None
• Source: ESI
• Abstract Source: Express India

Abstract
The state Anti-Terrorism Squad (ATS) traced an email supposed sent by the Indian Mujahideen to the WiFi network at Khalsa College in Matunga. It seems an unknown individual or unknown individuals compromised the WiFi network at the college and used this access to send an email with photographs of cars stolen for use in terror activities. The log files for the WiFi network were deleted by this individual or these individuals shortly after the email was sent. The ATS confiscated some equipment from the college and is now looking to work with VSNL and Google to trace the email.

Quick Facts

• Date: 8/20/2008
• Institution: Case Western Reserve University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,160
• Source: Pogo Was Right
• Abstract Source: newsnet5

Abstract
Case Western Reserve University is working to alert students after their information as discovered to be available through a CWRU web site. The site contained the names and Social Security numbers of 1,160 individuals. The university does not know how the information ended up online, but removed the information as soon as it became aware of the issue. Students affected by this incident will be offered one year of credit monitoring for free.

Quick Facts

• Date: 8/15/2008
• Institution: University of Otago
• Type of Incident: Impersonation
• Number Affected: 4
• Source: Pogo Was Right
• Abstract Source: Otago Daily Times

Abstract
Computer criminals were able to gain access to four University of Otago email accounts and use this access to send out 1.55 million spam messages. The computer accounts, belonging to university employees, were compromised after the university was targeted with a wave of "spear phish" emails asking recipients to respond with username and password information. The four employees do not face any disciplinary action but instead the university's information security office is using this as an opportunity to reach out to the university community.