Quick Facts

• Date: 11/30/2009
• Institution: Pennsylvania Sate University
• Type of Incident: Penetration
• Number Affected: 303
• Source: ESI
• Abstract Source: The Daily Collegian

Abstract
Penn State recently notified current and former students after a security incident may have exposed personal information. On August 3, Penn State Security Operations and Services notified university officials that the online grade book a professor used was compromised by a computer virus. The grade book contained the names, grades and Social Security numbers for 303 current and former students. While the information was taken offline when the problem was discovered, the Dean of the College of Earth and Mineral Sciences did not send letters to those affected until November. University spokesperson Annemarie Mountz stated that the university's response was in line with Pennsylvaina's Breach of Personal Information Notification Act. According to Mountz, there is no evidence this information was accessed by any unauthorized individuals. Mike McEvoy, a class of 2006 alumni affected by this incident, said he was thankful the university took immediate action to remove the information but wishes they had notified him in a more timely manner.

Quick Facts

• Date: 11/24/2009
• Institution: University College Dublin
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2
• Source: DataBreaches.net
• Abstract Source: The University Observer

Abstract
The University Observer, a student newspaper, was able to obtain detailed academic records on two University College Dublin students from UCD. The newspaper, with the knowledge and consent of the two students, filed official requests for information using nothing more then publicly available information. These requests were accepted and the newspaper was supplied with full academic statements on these students. In response to the ease with which the University Observer was able to obtain these records, UCD Students' Union President Gary Redmond asked the university to "...review its internal policies to ensure that all procedures were followed in this instance, and if necessary introduce mechanisms to ensure that a breach of this nature does not occur in the future." The university declined to comment on whether or not the university would be reviewing data protection procedures.

Employee Information Available on Notre Dame Web Site

Quick Facts

• Date: 11/20/2009
• Institution: Notre Dame
• Type of Incident: Unauthorized Dislcosure
• Number Affected: 24,000
• Source: DataBreaches.net
• Abstract Source: WNDU
• Update1 Source: The Observer

Abstract
Notre Dame is warning employees after files containing personal information were discovered online. The files, accidentally placed online, contained names, Social Security numbers and dates of birth of an unreleased number of university employees. According to a spokesperson, the university removed the file as soon as the incident was discovered and there is no evidence the information was misused.

Update1
In total, the personal information on about 24,000 Notre Dame employees, including some student workers, was accidentally made available online.

Quick Facts

• Date: 11/19/2009
• Institution: University of East Anglia
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Examiner.com, The Register

Abstract
The University of East Anglia's Hadley Climate Research Center recently suffered a breach exposing thousands of email messages. The breach involved 1079 e-mail messages and 72 documents containing internal communications from researchers involved in global warming research. These documents were uploaded to an anonymous FTP server. The documents and e-mails themselves contain internal communications filled with crude language and disparaging comments on skeptical scientists. In addition, several of the messages appear to bring into question the relationship between the scientists and several journalists as well as call into question the methodologies used in some of the research.

Quick Facts

• Date: 11/15/2009
• Institution: California State Polytechnic University, Pomona
• Type of Incident: Unauthorized Disclosure
• Number Affected: 355
• Source: ESI
• Abstract Source: LA Times

Abstract
California State Polytechnic University, Pomona recently announced that a mistake exposed the personal information of former applicants online. The information, available online for five years, included names and Social Security numbers of 355 applicants from 2003. According to the university, the information was mistakenly placed in a publicly accessible folder in November 2003. The file was removed in November 2008, but the data remained in search engine caches and indexes. Cal Poly Pomona became aware that this information was still, in part, available when a former student discovered his own information while searching Google.