University of Virginia
Stolen UVa Laptop Contains Sensitive Data
Quick Facts
- Date: 4/16/2008
- Institution: University of Virginia
- Type of Incident: Theft
- Number Affected: 7,000
- Source: ESI
- Abstract Source: DailyProgress.com
Abstract
The University of Virginia worked quickly to mail out notification letters after it became aware of the theft of a laptop that contained sensitive personal data. The laptop contained a confidential file that held names and Social Security numbers of 7,000 UVa students, faculty and staff members. The theft occurred off-campus and is being investigated by Albemarle County Police Department. At the request of the police department, UVa has released very few details about the theft.
Hackers Access UVa Faculty Data Over 50 Times
Quick Facts
- Date: 6/8/2007
- Institutions: University of Virginia
- Type of Incident: Penetration
- Number Affected: 5,735
- Source: ESI
- Abstract Source: UVa Today
- Update Source: UVa Press Release
Abstract
University of Virginia is alerting faculty members that their personal information may have been compromised during a recent computer security breach. It seems that unknown an individual(s) accessed a database containing faculty names, birth dates and Social Security numbers on 54 separate days between May 20, 2005 and April 19, 2007. It appears that the attacker(s) gained access to this information through a special purpose Web application that was not intended for public access. The breach was discovered during an internal computer security audit on April 20, 2007. UVa Campus Police have launched an official investigation into this matter with the help of the FBI and UVa computing and auditing professionals. While no financial information was exposed, the university is warning affected faculty members that their financial information may become compromised if the attackers use the personal information to gain access to faculty financial records. UVa has created a web site - www.virginia.edu/itincident - with more information. In addition, UVa has setup a special purpose hotline - 866-621-5948 - and a special purpose e-mail address - identity-assistance@virginia.edu - to help answer any questions current or former faculty members may have about this incident.
Update
6/11/2007 - A recent letter sent by James L. Hilton, UVa Vice President and Chief Information Office, states that the university is offering 12 months of free credit monitoring for all current and former faculty members affected by this incident. UVa has partnered with ConsumerInfo.com, an Experian company, to provide faculty members with access to the company's Triple AdvantageSM Deluxe product which promises to monitor an individuals credit report at the three major bureaus for signs of suspicious and/or fraudulent activity.
UVa Faculty Urged To Destroy All Computer Data After Recent Incident
Quick Facts
- Date: 12/14/2006
- Institution: University of Virginia
- Type of Incident: Unauthorized Disclosure
- Number Affected: 62
- Source: ESI
- Abstract Source: Daily Progress
Abstract
University of Virginia officials are asking all faculty to destroy any computer files or media that contain student's Social Security numbers. This move comes after the university suffers its second accidental disclosure of student SSNs. In this most recent incident, a teaching assistant accidentally e-mailed a spreadsheet containing names, grades and Social Security numbers to all 61 students in their class. While the university is in the process of phasing out the use of Social Security numbers as student identifiers, this will not happen until a new database system is installed. Currently, the university does not expect to have this new system installed and ready to use for another three years.
University Delays Notifying Students of SSN E-mail Mix-up
Quick Facts
- Date: 11/03/2006
- Institution: University of Virginia
- Type of Incident: Unauthorized Disclosure
- Number Affected: 632
- Source: Attrition.org
- Abstract Source: The Cavalier Daily
Abstract
The University of Virginia’s Student Financial Services accidentally e-mailed student names and Social Security numbers to wrong students. Instead of 1,264 e-mail alerts, SFS sent out 632 e-mails to students, the problem is that these e-mails contained the names and SSNs of the 632 students who did not receive any e-mail. While university officials say staff member immediately began correcting the computer program responsible for the leak, it has yet to send out any notification to affected students. One student, Will Rucker, did not know anything was amiss until The Cavalier Daily contacted him about the problem. UVA officials say the university will be notifying students of the error soon.
Hundreds Affected By Computer Thefts
Quick Facts
- Date: 4/24/2006
- Institution: University of Virginia
- Type of Incident: Theft
- Number Affected: Hundreds
- Source: Attrition.org
- Abstract Source: The Cavalier Daily
Abstract
The University of Virginia was the victim of multiple computer thefts recently. A computer stolen from one of UVa's academic buildings contained student information, including Social Security numbers. According to university officials, it appears the thieves were after computer equipment and not the data on the hard drives. However, UVa is urging affected students to closely monitor their credit reports for signs of fraud.
