Educational Security Incidents (ESI)

Quick Facts

• Date: 11/26/2008
• Institution: Weber State University
• Type of Incident: Theft
• Number Affected: 69
• Source: Pogo Was Right
• Abstract Source: Desert News

Abstract
Weber State University is notifying members of the campus community after a thief broke into the campus post office. The thief made off with cash, a postal scale, three computers and hard copy postal box rental forms. According to the university, some of the rental forms taken contained names, addresses and Social Security numbers. Since the university does not know which forms contained personal information, it has notified all 69 individuals that had rented a post office box during the past eight years. Letters have been sent to these individuals with instructions on how to prevent and respond to identity theft in addition to information on an available credit monitoring service.

Quick Facts

• Date: 11/17/2008
• Institution: University of the Cumberlands
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: Pogo Was Right
• Abstract Source: Lexington Herald-Leader, Kentucky Attorney General Press Release

Abstract
A University of the Cumberlands student has been arrested and charged with hacking into student email accounts and using the information to blackmail these students. According to a press release from the Office of the Attorney General, Sungkook Kim was charged with identity theft and unlawful access to a computer following an investigation by the AG's cybercrime unit and the Williamsburg police. The investigation discovered that Kim had installed spyware on campus library computers to capture user IDs and passwords of students and faculty using the computers.

Quick Facts

• Date: 11/14/2008
• Institution: University of Iowa Hospitals and Clinics
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Gazette

Abstract
University of Iowa Hospitals and Clinics announced that eight University Hospitals staff members are facing disciplinary actions after inappropriately accessing confidential patient records. Staff discovered the inappropriate access during a routine review of patient record access. According to hospital CEO Ken Kates the hospital has disclosed the incident and apologized to those affected. According to Kates, the hospital will be "stepping up both our training and the penalties for inappropriately accessing or sharing confidential patient information". One of the staff members involved with this incident has been fired.

Quick Facts

• Date: 11/14/2008
• Institution: Rockland Community College
• Type of Incident: Employee Fraud
• Number Affected: 12
• Source: ESI
• Abstract Source: LoHud.com

Abstract
A Rockland Community College student worker has been accused of stealing credit card numbers of former students to purchase high-end clothing costing over $2,200. Ololade Aiyeku, an American citizen from Nigeria, is accused of stealing the credit card information while working in RCC's records office. Police believe Aiyeku gained access to the credit card information of 12 former students' transcript applications by either making copies or stealing them. According to RCC spokeswoman Zipora Reitma students do not normally have access to credit card information. The college plans to look at how this happened and what changes might be made to prevent this type of incident in the future. Spring Valley Police were able to trace a Nordstrom purchase to Aiyeku's apartment where they found numerous receipts and even some notes on purchases. According to Detective David Humested, "He [Aiyeku] was very meticulous with his paperwork." Aiyeku has been charged with 38 felony counts and 31 misdemeanor counts.

Quick Facts

• Date: 11/13/2008
• Institution: University of Maine
• Type of Incident: Penetration
• Number Affected: 200
• Source: ESI
• Abstract Source: WCSH6, Bangor Daily News

Abstract
The University of Maine announced the arrest of a former student charged with illegally accessing hundreds of student email accounts. Following a three week investigation by the University of Maine campus police, the Maine State Police Computer Crimes Task Force and the United States Secrete Service charged former UMaine business student James Wieland with one count of aggravated criminal invasion of computer privacy. The university believes that Wieland is responsible for distributing a downloadable game through email that contained a trojan key logging program. Wieland allegedly sent the email to over 1,000 student email address and had gained access to over 200 accounts as a result. The university became aware of the incident after two students received emails from each other while riding on an airplane together. It is not known why Wieland wanted access to these accounts.