Quick Facts

• Date: 9/30/2010
• Institution: Ohio State University
• Type of Incident: Unknown
• Number Affected: 30 to 385
• Source: ESI
• Abstract Source: The Columbus Dispatch

Abstract
According to Ohio State University, four of the six security incident investigations in the past year discovered minor breaches involving personal information. These incidents involved 30 to 385 individuals and all involved Social Security numbers. According to Catherine Bindewald from OSU's Office of the Chief Information Officer there has been no indication that any of this information has been misused and no reports of identity theft from those affected. OSU offers one free year of credit protection to anyone affected by breaches at the university, even if there is no evidence information has been inappropriately accessed. The total number of data breach investigations at OSU has dropped since the school increased security measures and implemented a $50 million student-information system.

Quick Facts

• Date: 9/29/2010
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 239
• Source: ESI
• Abstract Source: University of Florida News

Abstract
The University of Florida recently announced the accidental exposure of former student information on a web-accessible archive setup by a faculty member in 2003. The archive, with information from a 2003 University of Florida computer science class, contained the names and Social Security numbers of 239 former UF students. The archive was discovered last month and immediately removed from the server. Currently, it is not known if the information was accessed or used. The University of Florida phased out Social Security numbers as student IDs in 2003. The web site will not be re-enabled in the same form. Current UF policy only allows posting of grades through the university's secure e-learning course management system. Individuals that were affected are urged to follow the instructions in the notification letter, however individuals with questions can contact UF's Privacy Office at 1-866-876-HIPA.

Quick Facts

• Date: 9/24/2010
• Institution: Oklahoma University Health Services Center
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: OSF Data Loss Database
• Abstract Source: Oklahoma University Health Services Center Announcement

Abstract
The University of Oklahoma Health Services Center recently began notifying patients after an investigation into a virus infection on a clinic computer discovered that personal information may be at risk. The virus, discovered around July 28, could have allowed unauthorized access to documents containing names, telephone numbers, addresses, dates of birth, Social Security numbers, medical records, insurance numbers, procedure billing codes, diagnosis codes, lab reports, office notes, radiology reports and service dates. While there is no evidence of misuse of the information contained on the computer, individuals affected are being notified and instructed on actions they can take to monitor their financial accounts and identities.

Quick Facts

• Date: 9/17/2010
• Institution: St Anselm
• Type of Incident: Unauthorized Disclosure
• Number Affected: 122+
• Source: DataBreaches.net
• Abstract Source: New Hampshire Attorney General (May 28, 2010), New Hampshire Attorney General (September 15, 2010)

Abstract
According to notices submitted to the New Hampshire Attorney General's Office, issues of the St. Anselm alumni magazine may have exposed personal information by accident. According to the two notices, the Fall 2009 and Spring 2010 issues of the St. Anselm alumni magazine contained Social Security numbers on some of the mailing labels. While the notices do not give the total number of individuals affected, the notices do state that 122 New Hampshire may have been affected. In the notice to those individuals affected, St. Anselm is offering 12-months of credit monitoring and identity theft protection at no cost through LifeLock.

Quick Facts

• Date: 9/13/2010
• Institution: Rice University
• Type of Incident: Theft
• Number Affected: 7,250
• Source: ESI
• Abstract Source: KTRK

Abstract
Rice University officials are working closely with law enforcement following the recent theft of a device containing payroll information. The device contained a file with the names, addresses, dates of birth, employee ID numbers, salaries and emergency contact information on 7,250 employees and students on the Rice payroll as of January 2010. University officials pointed out that this file did not contain any Social Security numbers. However another file on the device did contain the Social Security numbers of an unknown number of Rice employees according to the university. The university is working with law enforcement to investigate the theft and are declining to release any details of the theft to protect the victims.