Quick Facts

• Date: 11/25/2010
• Institution: University of London, School of Oriental and African Studies
• Type of Incident: Impersonation
• Number Affected: Unknown
• Source: ESI
• Abstract Source: IT Pro

Abstract
Daniel Woo was recently sentenced in connection with stealing passwords to University of London’s School of Oriental and African Students (Soas) student accounts. Woo pretended to be a student to gain access to Soas computers and the computer room. Once he gained access, Woo installed password recovery tools to obtain passwords and used these passwords to gain information on the students such as financial information on personal identification information. Woo was sentenced to a 36 week suspended sentence, two years of supervision, 200 hours of unpaid work and a £20,000 fine.

Quick Facts

• Date: 11/16/2010
• Institution: Messiah College
• Type of Incident: Loss
• Number Affected: 43,000
• Source: ESI
• Abstract Source: PennLive.com

Abstract
Messiah College is working to notify individuals after the loss of a drive containing personal information. The drive, which went missing earlier in November, contained the a “collection of personal information” dating from 1994 to 2010 on 43,000 students, prospective students, alumni, parents and guardians. According to Messiah Assistant Director of Public Relations Beth Lorow, the Upper Allen police have investigate the incident and found not signs of theft. Individuals with questions about the incident and if they are affected can contact the Messiah call center at 888-747-5399.

Quick Facts

• Date: 11/15/2010
• Institution: University of Nebraska System
• Type of Incident: Unauthorized Disclosure
• Number Affected: 300,000
• Source: DataLoss DB
• Abstract Source: KCAUTV, Omaha World Herald

Abstract
A Nebraska initiative to increase transparency in spending inadvertently exposed the personal financial information on hundreds of thousands of students. The web site, Nebraskaspending.gov, lists millions of payments made by the Nebraska government. Among the 2008-09 data are 300,000 payments to University of Nebraska students that include the students name, refund amount, scholarship information and other financial aid reimbursement information. When this information was first discovered, there was a disagreement over who should remove the information. University of Nebraska officials requested that the State Treasurer’s Office remove the information, but the State Treasurer Shane Osborn said he did not have enough staff to do this. Instead, Osborn stated that the University of Nebraska had ample opportunity to remove the data before it was sent to the State and the data should never have been in the files received by his office. However, the university and the State have come to an agreement. The information has been removed from the web site and the university will be given adequate time to remove the information from the 2009-10 data.

Quick Facts

• Date: 11/10/2010
• Institution: Methodist Theological School in Ohio
• Type of Incident: Theft
• Number Affected: Unknown
• Source: DataLoss DB
• Abstract Source: New Hampshire Attorney General(PDF)

Abstract
The Methodist Theological School in Ohio recently notified the New Hampshire Attorney General following the theft of a laptop containing student information. The laptop, stolen from a staff member in a locked off-campus location, contained the names, addresses, letter grades for completed courses, Social Security numbers, dates of birth and record of payments received for an unknown number of MTSO students. According to the notice, not all of the information was available on all affected individuals and the laptop did not contain any financial account information. While the investigation so far has shown this to be a random act of theft, MTSO is offering those affected one year of credit monitoring service at no cost. In addition, MTSO is working to strengthen data protection safeguard to help prevent future incidents.

Quick Facts

• Date: 11/10/2010
• Institution: Washington State University
• Type of Incident: Penetration
• Number Affected: N/A
• Source: ESI
• Abstract Source: ComputerWorld

Abstract
Washington State University is currently investigating the breach of the campus media services that allowed an unknown individual to hijack the projector systems in more then two dozen classrooms. The hacker used the access to the projector systems to broadcast a four minute video via the school’s distance learning technology to the classrooms. In the video, an individual dressed similar to V from the movie “V for Vendetta” called for WSU students to “rise up against squirrels on campus”. A follow-up message posted to WSU 1812 chastised WSU administrators for ignoring the student body and WSU students for their apparent apathy. WSU officials view this computer intrusion as a serious breach and are investigating the incident.