Educational Security Incidents (ESI)

Quick Facts

• Date: 12/31/2008
• Institution: Ohio State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 18,000
• Source: Pogo Was Right
• Abstract Source: Columbus Dispatch

Abstract
Ohio State University is working to notify current and former students after student personal information was found accessible via the Internet. The information, including Social Security numbers, names, address and enrollment dates, was accidentally placed on a server exposed to the Internet. OSU has traced the mistake to a third-party vendor working with the university's student health insurance program. The breach appears to have affected 18,000 students enrolled in the insurance program from Fall 2005 to Summer 2006. OSU is offering these individuals 12 months of free credit monitoring. According to OSU officials, the university became concerned in September when students began contacting the university after finding their personal information online. OSU has setup a web site - www.studentlife.osu.edu/dataexposure/ - with more information on the incident.

Quick Facts

• Date: 12/23/2008
• Institution: Ohio University - Chillicothe
• Type of Incident: Theft
• Number Affected: 38
• Source: Pogo Was Right
• Abstract Source: Chillicothe Gazette

Abstract
Ohio University - Chillicothe is working to alert members of the university's Health Wellness Center after staff discovered the theft of a hard drive containing personal information. The drive, part of a stand-alone machine using specialized software, contained the names and Social Security numbers of 38 current and former members. OU-C discovered the theft on December 9th and began investigating the incident. According to OU-C officials, the information is very difficult to access without the special software used by the Health Wellness Center. However, to help protect the individuals affected by this incident, OU-C is offering one year of free credit monitoring to the 38 current and former members affected by the theft.

Quick Facts

• Date: 12/20/2008
• Institution: Lorain County Community College
• Type of Incident: Penetration
• Number Affected: 22,000
• Source: Pogo Was Right
• Abstract Source: The Chronicle-Telegram

Abstract
Lorain County Community College announced that a sophisticated computer hacker breached two servers and could possibly have gained access to staff, students and community members personal information. The breach, which occurred during Thanksgiving break, involved the library card system which contained the names and Social Security numbers of about 22,000 staff, students and community members. LCCC staff discovered the breach when a virus alert went off due to an unknown individual download applications to the server. Staff immediately removed the server from the network to mitigate the breach until it could be investigated. According to LCCC VP of Strategic and Institutional Development Marcia Ballinger, the unknown individual was most likely looking to pirate space available on the servers and was not after personal information. However, LCCC will begin notifying all affected individuals and instructing them how to sign up for credit monitoring with Equifax. LCCC has enlisted the help and support of the FBI and other computer forensic experts in the investigation of the breach.

Quick Facts

• Date: 12/20/2008
• Institution: University of North Carolina School of the Arts
• Type of Incident: Penetration
• Number Affected: 2,700
• Source: Pogo Was Right
• Abstract Source: Winston-Salem Journal

Abstract
The University of North Carolina School of the Arts is working to notify current and former students about a computer breach that may have exposed personal information. The server, which went on line in 2003, contained the names and Social Security numbers of about 2,700 students enrolled between 2003 and 2006. The breach occurred in May 2006 and, according to officials, the school became aware of the breach last week. UNCSA staff is working to investigate the breach and are conducting tests to ensure the future safety of personal information.

Quick Facts

• Date: 12/4/2008
• Institution: California State Polytechnic University, Pomona
• Type of Incident: Unauthorized Disclosure
• Number Affected: 675
• Source: Pogo Was Right
• Abstract Source: Pasadena Star-News

Abstract
Cal Poly Pomona is working to alert former students after a file containing personal information was found online. The file, an excel spreadsheet, contained the names, address, phone numbers and Social Security numbers on 675 former Cal Poly Pomona student applicants from 2001. The file was discovered after a former Cal Poly Pomona did a Google search for his name. An investigation by the university found that the breach was unintentional and the file had mistakenly been placed in a publicly accessible folder. According to the university, there is not evidence that anyone other then the student who discovered the file had accessed this information.