Unauthorized Disclosure
Former Sonoma State University Student Information Exposed
Quick Facts
- Date: 9/26/2008
- Institution: Sonoma State University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 600
- Source: Pogo Was Right
- Abstract Source: The Press Democrat
Abstract
Sonoma State University officials are alerting former computer science students after the university became aware of a problem with an internal server. The server, an internal Web server, held a roster containing the names and Social Security numbers of about 600 former SSU computer science majors. While the file was not directly linked from any web page, it was discovered through a web site "crawler" program a former student ran. SSU officials immediately removed the file as soon as they were made aware of the problem. While the site was only accessible by a small number of individuals, SSU has alerted all of the affected individuals and suggests they monitor their credit reports for fraudulent activities.
Two University of New Mexico Hospital Employees Post Injury Photos Online
Quick Facts
- Date: 9/23/2008
- Institution: University of New Mexico Hospitals
- Type of Incident: Unauthorized Disclosure
- Number Affected: Unkown
- Source: ESI
- Abstract Source: The Tech Herald
Abstract
The University of New Mexico Hospitals have fired two employees after an investigation discovered these employees were posting pictures of patients to MySpace. The employees would take pictures of patients undergoing various treatments and upload the photographs to the social networking site. According to Sam Giammo, the hospitals director of public affairs, more employees may face disciplinary actions as the investigation moves forward. The hospital has worked with MySpace to remove the photographs after an anonymous tip to a senior member of the hospital staff alerted the hospital to the problem.
Marshall University Students Information Online
Quick Facts
- Date: 9/11/2008
- Institution: Marshall University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 198
- Source: ESI
- Abstract Source: Charleston Daily Mail
Abstract
Marshall University is working to notify students after it discovered a document on a university web site containing student information. The document, found a student web site, contained 198 names and Social Security numbers of students associated with the College of Education in 2004. The university discovered the document on August 22. In an email, university spokesperson Leah Edwards said this was the first time the university has had to initiate its incident response procedures.
Student Discovers Open Share Containing Clarkson University Employee Information
Quick Facts
- Date: 9/3/2008
- Institution: Clarkson University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 245
- Source: Pogo Was Right
- Abstract Source: Clarkson Integrator
Abstract
On August 26, a non-malicious student discovered they could access a file containing Clarkson University employee information on a secured Clarkson server. The file contained the names, dates of birth and Social Security numbers of 245 current and former employees. The student that discovered the file immediately alerted the university, which launched an investigation into the incident. According to the university, the file became available on August 25 when work on the server caused the permissions to default back to open. The investigation determined that the only person to access the file during the brief period it was unsecured was that student that reported the incident. The university contacted all of the affected individuals and briefed them on the incident. When the Clarkson Integrator spoke with Kelly Chezum, the Assistant to the President for Strategic Advancement, she responded that, as a person affected by the incident, she "feel[s] pretty confident my personal information is fine."
[Update1]"Clerical error" Exposed Ivy Tech Spring 2008 Distance Education Student Information
Quick Facts
- Date: 9/2/2008
- Institution: Ivy Tech Community College
- Type of Incident: Unauthorized Disclosure
- Number Affected: 23,000
- Source: ESI
- Abstract Source: Ivy Tech Security Notice
- Update1 Source: Indy Channel
Abstract
An astute reader wrote ESI to make us aware of a recent incident at Ivy Tech Community College. According to the Ivy Tech Security Notice, a "clerical error" when sharing a file containing student information caused the file to be shared with all Ivy Tech Indianapolis region employees. The file contained names, addresses and Social Security numbers of all students enrolled in spring 2008 distance education courses. The internal investigation reviled the between July 28 and July 31, 102 Ivy Tech employees accessed the file in question. In an alert to students, Ivy Tech recommends that the students place fraud alerts on their credit files as a precaution. Ivy Tech has created a web site - www.ivytech.edu/about/security/faq-0708.html - to help answer questions about the incident.
Corrected number of Ivy Tech employees accessing the file from 108 to 102. - Adam
Update1
According to a letter from Ivy Tech Indianapolis Vice President of Administration William Morris an employee accidentally sent a file containing the 23,000 student records to a mailing list of 1,400 people.
