Quick Facts

• Date: 1/26/2011
• Institution: East Carolina University
• Type of Incident: Penetration
• Number Affected: Hundreds
• Source: ESI
• Abstract Source: WNCT, WCTI 12

Abstract
Hundreds of East Carolina University students that used their ECU issued Higher One debit and credit cards at the University Book Exchange in mid-January have reported unauthorized charges following a breach of the UBE's systems. The fraudulent charges are for a wide range of goods and services mostly around the Los Angeles area. Don Edwards, owner of UBE, said they do not know how this happened but are studying the situation. While the investigation is still ongoing, UBE has implemented additional security measures to help protect customer data. Fortunately for ECU students, all Higher One cards have zero liability protections so students are not responsible for fraudulent charges.

Quick Facts

• Date: 1/24/2011
• Institution: Wentworth Institute of Technology
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,300
• Source: PHIPrivacy.net
• Abstract Source: WCVB

Abstract
Wentworth Institute of Technology is notifying current and former students after personal information was discovered online. According to the letter, the information found online included the names, Social Security numbers, dates of birth, allergies, medications, medical conditions and disability information on 1,300 current and former students. According to WIT spokesperson Jamie Kelly, the information was placed online by mistake and could only be found through a "targeted search" of the WIT website.

Special Thanks to Dissent from PHIPrivacy.net, DataBreaches.net and PogoWasRight for letting ESI know about this incident - Adam

Quick Facts

• Date: 1/24/2010
• Institution: University of Missouri
• Type of Incident: Unauthorized Disclosure
• Number Affected: 750
• Source: ESI
• Abstract Source: KRCG

Abstract
The University of Missouri recently began notifying employees after a mix-up in mailing information was reported by a contractor. On Jan 21st, letters were sent to 750 employees after Coventry Health Care, which manages the university's insurance program, mailed health benefit statements, health services letters and new ID cards to the incorrect addresses. According to Coventry, a computer error caused names to be aligned with the wrong address. The university became aware of the problem on January 14th when an employee reported getting a letter from Coventry intended for another person. On January 20th, Coventry responded to the university with an explanation of the error as well as the safeguards being put in place to avoid a similar issue in the future. The letters to the affected employees urges them to monitor their insurance claims for signs of misuse. Coventry has not issued new ID cards to those affected because the Coventry ID number is a variation of the University of Missouri ID number.

Quick Facts

• Date: 1/19/2011
• Institution: Warner Pacific College
• Type of Incident: Theft
• Number Affected: 1,536
• Source: DataBreaches.net
• Abstract Source: New Hampshire Attorney General (PDF), ID Experts

Abstract
Warner Pacific College is working to notify students after a laptop containing personal information was stolen. The laptop, stolen on January 3 from the home of an employee, contained the names, addresses, dates of birth, phone numbers and Social Security number of 1,536 students. Warner Pacific is offering those affected twelve months of credit monitoring at no cost. In addition, Warner Pacific plans to implement encryption on personally assigned, college-owned laptops.

Quick Facts

• Date: 1/18/2011
• Institution: University of Sydney
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: DataBreaches.net
• Abstract Source: The Age, Sydney Morning Herald, Sydney Morning Herald, Sydney Morning Herald

Abstract
The University of Sydney is working to respond to a complicated situation discovered after a hacker defaced the university's main website and emailed the defacement to all students. While investigating how the front page of the university's website was defaced, detailed records on former and current students were discovered to be publicly available. The records, part of invoices generated for students using the Higher Education Contribution, contain student names, addresses, email addresses, enrolled courses and course costs. University of Sydney Vice-Chancellor Michael Spence confirmed, in a letter to students, that the university had been made aware of the data breach back in 2007 and the problem had been corrected. However, according to Spence, a software update at some point inadvertently removed the fix and exposed the student information once more. As a result of the breach, New South Wales acting Privacy Commissioner John McAteer has launched an investigating into the University of Sydney incident to determine if the university had violated the NSW Privacy and Personal Information Act of 1998.