Quick Facts

• Date: 5/29/2010
• Institution: University of Akron
• Type of Incident: Student Misconduct
• Number Affected: N/A
• Source: DataBreaches.net
• Abstract Source: US Attorney’s Office, Northern District of Ohio (PDF), US Attorney’s Office, Northern District of Ohio News Release

Abstract
Former University of Akron student Michael L. Frost plead guilty to several computer crimes conducted using the university’s network. While an Akron student, Frost admitted he used the network to control BotNets to attack online web sites such as www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com between 2006 and 2007. Along with the attacks, Frost used the BotNet computers to harvest and obtain personal information such as usernames, passwords, credit card numbers and CCV security codes. In addition, Frost admitted to launching a Distributed Denial of Service (DDoS) attack again the University of Akron that knocked the computer network offline for over eight hours on March 14, 2007. U.S. District Judge Lesley Wells sentenced Frost to 30 months in prison and 3 years of supervised release.

Quick Facts

• Date: 5/27/2010
• Institution: Tokyo Institute of Technology
• Type of Incident: Loss
• Number Affected: 1,889
• Source: ESI
• Abstract Source: The Mainichi Daily News

Abstract
Tokyo Institute of Technology recently announced the loss of an external hard drive containing personal information. The hard drive, lost by a Tokyo Institute of Technology professor, contained academic results for 1,889 individuals including entrance exam scores and end of term exam scores. In addition, the drive contained draft questions for the engineering departments up coming entrance exam. Tokyo Institute of Technology plans to notify those affected with a letter of apology.

Quick Facts

• Date: 5/25/2010
• Institution: Loma Linda University Medical Center
• Type of Incident: Theft
• Number Affected: 500+
• Source: DataLoss DB
• Abstract Source: The Press-Enterprise

Abstract
Loma Linda University Medical Center recently issued a written statement following the theft of a computer containing patient information. The computer, stolen on April 5th from the Department of Surgery’s administrative office, contained names, medical record numbers, diagnosis, surgery dates and types of procedures at least 500 surgery patients. The San Bernardino County deputy sheriffs are investigating the theft.

Quick Facts

• Date: 5/14/2010
• Institution: Edward Waters College
• Type of Incident: Unauthorized Disclosure
• Number Affected: Hundreds
• Source: DataBreaches.net
• Abstract Source: News4Jax

Abstract
Edward Waters College officials launched an investigation after learning from News Channel 4 that student information was available online. According to college officials, a mistake in the way software was setup that caused faxes from EWC employees to hundreds of potential students to wind up online and in reachable through Google and Yahoo searches. The faxes contained names, address, Social Security numbers and driver's license numbers. The news station became aware of the incident after being notified by Shawn Tucker, a North Carolina resident who discovered the information online. EWC took immediate action once notified and the information was removed by the end of the day.

Quick Facts

• Date: 5/13/2010
• Institution: University of California, San Francisco
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: PHIPrivacy.net
• Abstract Source: San Francisco Chronicle

Abstract
A University of California, San Francisco Medical Center employee was recently charged in federal court for wire fraud. Cam Giang is charged with using the personal information of other UC employees, including names, last six digits of Social Security numbers and dates of birth, to create online accounts and complete surveys by StayWell Health Management Inc. Giang was rewared with hundreds of $100 Amazon gift codes. There is no information on how Giang was able to obtain the information on the other UC employees.