University of Oregon
Degree Auditing System Security Lapse Makes University of Oregon GPAs Visible Online
Quick Facts
- Date: 8/2/2009
- Institution: University of Oregon
- Type of Incident: Unauthorized Disclosure
- Number Affected: 20
- Source: DataBreaches.net
- Abstract Source: Oregon Daily Emerald
Abstract
The University of Oregon quickly fixed a security hole in the university's degree auditing system, DuckWeb. The hole, discovered by Daniel Bachhuber a University of Oregon student, allowed DuckWeb users to access other student educational records by slightly changing the printer friendly view URL. According to University of Oregon Registrar Sue Eveland, the security hole would only have allowed access to around 20 student records. The information contained in the DuckWeb records vulnerable did not contain any Social Security numbers. According to Eveland, the only person to exploit the security hole was Bachhuber and this was the first time the university was made aware of the problem.
University of Oregon Laptop Containing Personal Information Stolen
Quick Facts
- Date: 1/13/2009
- Institution: University of Oregon
- Type of Incident: Theft
- Number Affected: Unknown
- Source: ESI
- Abstract Source: University of Oregon Media Relations
Abstract
The University of Oregon announced that an employee's laptop containing Youth Transition Program (YTP) participant information was stolen. The laptop contained the names and Social Security numbers of YTP participants from 2004 to 2007. Youth Transition Program is a program that services more then 1,200 individuals between 17 and 21 with disabilities and provides career planning and employment services. The laptop was password protected, but there was no mention of encryption. University of Oregon provides evaluation services for YTP to help determine which programs are most effective. The university sent out notification letters to affected individuals and urged these individuals to monitor their credit scores.
