University of Colorado

Email Hoax Traced to University of Colorado Denver

Abstract
An email hoax claiming the Denver Columbus Day parade was canceled was traced to a University of Colorado, Denver computer. The email, which claimed to be from Richard SaBell, president of the Sons of Italy Columbus Day Parade Committee, was traced to a kiosk computer at the university that is open for public use. Denver police have seized the computer and are conducting an investigation into the hoax. The person responsible could face charges of fraud and identity theft. In addition, the university is very concerned over this incident and considers the hoax unauthorized use of a campus computer.




Stolen UCCS Laptop Contained Student Information

Abstract
The University of Colorado at Colorado Springs has notified students after a laptop containing student information was stolen from the home of a faculty member. The laptop contained the names and grades of 766 students enrolled between 2003 and 2009. According to the university, the information, kept as part of class rosters, also could have contained the Social Security numbers of up to 241 of these students. According to a statement by UCCS Executive Director of Information Technology Jerry Wilson, UCCS regrets the loss of student information and will continue working with departments to encrypt all personally identifiable data.




[UPDATE] Three UC-Boulder Computers Breached, One Contained Student Information

Abstract
The University of Colorado at Boulder has hired a security firm to help investigate the breach of three computers in the university's Division of Continuing Education and Professional Studies. So far, one of the computers was found to contain information on 9,000 students and 500 staff members. While the investigation is still ongoing, the university believes that this computer contained data on individuals enrolled in Division of Continuing Education and Professional Studies courses between 1997 and 2003. UC-Boulder first became aware of the incident on April 24 when a malicious file was discovered on the computer. While there is no evidence that anyone gained access to personal information, the university plans on sending out notification letters to affected individuals by the end of next week. UC-Boulder has set up a web site (www.colorado.edu/itsecurity/contedu) with more information on the incident.

Update
The University of Colorado at Boulder announced today that the forensic analysis of the three computers that were suspected to have been compromised revealed that no personal information was affected during the incident. According to Dan Jones, Director of IT Security at CU-Boulder, university staff worked closely with Applied Trust Engineering and discovered that an interaction between two incompatible software programs mimicked behavior consistent with malicious software.




Unpatched CU-Boulder Server Containing Student Information Breached

Abstract
The University of Colorado, Boulder is alerting current and past students about possible identity theft after a recent security incident. An unknown individual was able to use a "worm" to penetrate security on a computer server in the College of Arts and Sciences Academic Advising Center at CU-Boulder. This server contained the names and Social Security numbers of almost 45,000 students dating back to 2002. An investigation into the breach discovered that the "worm" took advantage of a vulnerability in the Symantec anti-virus software on the server that CU-Boulder staff had failed to patch. Students were notified of this breach by letter. CU-Boulder dean of Arts and Sciences, Todd Gleeson, is asking that all Arts and Sciences Advising Center IT operations be placed back under the central control of CU's Information Technology Services department.

Update
6/8/2007 - After completing the investigation into this incident, CU-Boulder officials have determined that the decentralized IT infrastructure on campus led to the breach. It seems that the center in charge of the server had turned the local firewall off and failed to apply security patches to the machine in question. In addition, the investigation uncovered that the attacker was most likely attempting to gain control of the computer server, and was not after the information contained on the computer. However, CU-Boulder is erring on the side of caution after this incident. Currently, CU-Boulder is working to stop the practice of distributing servers to departments and plans to bring all systems back under the centralized control of the university's IT Department.




UC-Boulder Web Site Exploit Exposes 17,500 Student Records

Abstract
The University of Colorado at Boulder has begun to notify 17,500 students that an attacker was able to gain unauthorized access to a computer in the UC Boulder College of Arts and Sciences. This computer was used for advisement purposes and contained personal student information including names and Social Security numbers. According to university officials, the attacker was able to gain access through a web site hosted on the computer. UC Boulder is still investigating this incident and is not yet aware of exactly what information was exposed during this attack. UC Boulder stopped using SSNs for student identification back in 2005 and is currently deploying a complex program to search for any electronic records that still contain these numbers. The university has created a web page (http://www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf) to help answer any questions students might have about the incident or how to protect themselves from identity theft.