Quick Facts

• Date: 2/25/2011
• Institution: Imperial College London
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Live!

Abstract
The Department of Computing at Imperial College London recently warned staff and students that all users will need to change their passwords following a server breach. The breach affected a linux server at the college that is used in the network login process. In response to the breach, college staff shut down two servers, "shell1" and "shell2", and sent a notice to users that everyone will need to change their passwords by 5PM GMT on February 25, 2011. Users that fail to changes their passwords by this deadline will have their accounts locked and will not be allowed to access any college services.

Quick Facts

• Date: 2/22/2011
• Institution: St George's University of London
• Type of Incident: Penetration
• Number Affected: N/A
• Source: ESI
• Abstract Source: Guardian News

Abstract
St George's University of London and the London Metropolitan Police have launched separate investigations into the breach of a St George's server that occurred in mid-February. Unknown individuals breached a database server run by St George's University of London medical school and used the access to send out a number of offensive email messages to users. One of the email messages claimed database was "closed due to Aids" and another claimed the St George's Administrative Board was involved with child pornography sting. The Primary Care Electronic Library (PECL) database is an online directory for doctors and nurses and does not contain any medical or sensitive information.

Quick Facts

• Date: 2/22/2011
• Institution: Chapman University, Brandman University
• Type of Incident: Unauthorized Disclosure
• Number affected: 13,000
• Source: ESI
• Abstract Source: LA Times

Abstract
Chapman University has begun notifying students after a document containing personal information was discovered online. The document, discovered by a Chapman student, contained the names, Social Security numbers, student ID numbers and financial aid information on 11,000 current and former Chapman University and Brandman University students as well as information on 2,000 applicants. The student immediately reported the file to Chapman officials. The file apparently was accidentally moved to the insecure folder. The investigation also found that the student who reported the file was the only individual to access the information according to Chapman spokesperson Mary Platt. As a precaution, Chapman is offering credit monitoring services to those affected by this incident.

Quick Facts

• Date: 2/7/2011
• Institution: Saginaw Valley State University
• Type of Incident: Penetration
• Number Affected: N/A
• Source: ESI
• Abstract Source: WNEM
• Update1 Source: Saginaw Valley Journal

Abstract
Saginaw Valley State University recently sent a notice to students following an attack on the university's web site. An unknown individual was able to gain access to the web server and used it send out large amounts of spam over several days. According to SVSU Executive Director of Information Technology Services Ken Schindler, there is no evidence that the attacker attempted to gain access to any other SVSU system. There was no personal or protected information on the web server but the campus was notified about the incident since the university's web site was taken offline to give staff time to repair the server.

Update1
Saginaw Valley State University are still working to upgrade the SVSU web server following the breach. According to SVSU Executive Director of Information Technology Services Ken Schindler, it appears that the hackers gained access through two security holes, one in a student organization's web page and the other in the content management system used on the server. One of the causes for the delay is the changes in latest version of the content management system which renders parts of the SVSU "unacceptably broken". To help get the web page back online, SVSU has engaged Cast Iron Coding at an hourly rate of $125. Overall, Schindler is pleased with the way his staff has responded to the breach despite comments from the SVSU community questioning the performance of ITS staff. According to an SVSU spokesperson, the breach of the web server has not affected SVSU President Eric Gilbertson's confidence in Schindler.

Quick Facts

• Date: 2/11/2011
• Institution: Solano Community College
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: DataBreaches.net
• Abstract Source: Solano Tempest

  Abstract
  Solano Community College recently alerted students after discovering attempts to alter the college's financial aid website. According to Solano Community College Chief of Police Steven J Dawson, it does not appear that any students were affected by this fraud. While the investigation is still on-going, Dawson did state they are now aware of a "fairly large" student financial aid loan fraud scheme. There is at least one person of interest in the investigation but Dawson declined to identify this individual.