Quick Facts

• Date: 6/29/2010
• Institution: University of Maine
• Type of Incident: Penetration
• Number Affected: 4,585
• Source: Data Loss DB
• Abstract Source: The Maine Campus
• Update1 Source: Bangor Daily News
• Update2 Source: The Maine Campus

Abstract
The University of Maine recently announced that the breach of two servers could place student information at risk. The servers, belonging to the university's Counseling Center, contained the names, Social Security numbers and clinical information for 4,585 students that attending the center between August 2002 and June 2010. According to Robert Dana, University of Maine's Dean of Students, the first breach of the servers may have occurred early in March 2010 and the attackers used this access to compromise a second server containing the student information. Dana called university and college networks "prime targets" for attack and stated that the University of Maine is under "literally thousands of [attack] attempts per day." While the university works with Debix to notify affected individuals and offer one year of credit monitoring, the University of Maine Police are investigating the incident with assistance from US Attorney's Office and the US Secret Service. More information is available at http://umaine.edu/informationcenter/

Update1
The University of Maine system recently briefed the Board of Trustees on a plans to improve data security at all seven campuses following the breach of the counseling center over the summer. The Strategic Information Security Plan calls for $860,000 a year over three years to "... address IT problems when they arise and prevent ongoing vulnerabilities by putting additional protections in place" according to Vice Chancellor for Finance and Administration Rebecca Wyke. In additional to the increased spending, the costs of the original breach was about $130,000.

Update2
An interview with the Maine Police Department officer heading the investigation into the breach of the University of Maine's Counseling Center computer revealed that none of the affected students have reported any identity theft. While the investigation is still ongoing, Officer Bill Mitchell has not found any new evidence that would be cause for alarm. Mitchell praised the efforts of the University of Maine's Information Technology department in improving security measures and he plans to have the investigation concluded by the summer.

Quick Facts

• Date: 6/24/2010
• Institution: University of Oklahoma
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: KOCO.com

Abstract
The University of Oklahoma recently began notifying students following a virus infection that could have exposed personal information. The laptop, infected with the Zeus virus, had access to student information such as names and Social Security numbers. OU IT staff became aware of the infection when they noticed unusual Internet activity coming from the laptop. Officials are not aware of any misuse of student information but sent the letters to students as a precaution. In the letter, students are advised to monitor credit card statements and be on the look out for suspicious bills.

Quick Facts

• Date: 6/22/2010
• Institution: Florid International University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 19,000
• Source: ESI
• Abstract Source: FIU News

Abstract
Florida International University recently began notifying faculty and students after a unsecured database was found to contain personal information. The database, part of FIU's College of Education, contained the names, GPAs, test scores and Social Security numbers of over 19,000 students and the names and Social Security numbers of 88 faculty. While FIU has not found any evidence that the information was accessed, they urge those affected to monitor their credit reports.

Quick Facts

• Date: 6/19/2010
• Institution: University of Nevada, Reno
• Type of Incident: Theft
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Daily Sparks Tribune

Abstract
University of Nevada, Reno is investigating the theft of computer equipment containing patient information. The equipment, part of the University's School of Medicine's clinical practice, contained the names, addresses, dates of birth, Social Security numbers and medical information for an undetermined number of individuals. The equipment was discovered stolen on June 11th. In the letter to the patients where identity theft is a risk, the university is offering one year of free credit monitoring. A full investigation into the theft is being conducted by local and federal authorities and information on the theft can be reported to University of Nevada, Reno Police.

Quick Facts

• Date: 6/8/2010
• Institution: Tufts University
• Type of Incident: Penetration
• Number Affected: 7,000
• Source: ESI, DataBreaches.net(Update1)
• Abstract Source: Blast Magazine
• Update1 Source: New Hampshire Attorney General's Office (PDF)

Abstract
Tufts University recently announced that a virus infection found on several computers could have exposed alumni information. The computers, which were compromised with viruses that could have allowed unauthorized access, contained that names and Social Security numbers of 7,000 alumni. While Tufts does not have any evidence that the files were accessed or downloaded, the university is offering one year of credit monitoring to those affected. Tufts spokesperson Kimberly Thurler stated incident only affected an small number of isolated computers.

Update1
According to the notification sent to the New Hampshire Attorney General's Office, Tufts first noticed that the "torpig" virus was affected two computers on February 18, 2009. Addition infections were detected on March 9, March 16 and April 2. According to the letter, the computers were infected after users visited web sites hosting malicious advertisements. To assist with the investigation Tufts contract with cmd Labs of Baltimore, MD.