Educational Security Incidents (ESI)

Quick Facts

• Date: 6/6/2008
• Institution: Stanford University
• Type of Incident: Theft
• Number Affected: 72,000
• Source: Attrition.org
• Abstract Source: Stanford News Service

Abstract
Standford University is working to alert current and former employees after the university determined a stolen laptop contained confidential employee information. The university is currently investigating the incident and has not released any details about the theft. According to the university officials the laptop may contain the names, Social Security numbers, salary information, Stanford IDs, dates of birth, gender information, home addresses, telephone numbers and Stanford e-mail addresses on as many as 72,000 individuals. This incident affects those employees that had received a paycheck from the university before September 28, 2007.

Quick Facts

• Date: 5/29/2008
• Institution: University of California, San Francisco
• Type of Incident: Penetration
• Number Affected: 3,569
• Source: Attrition.org
• Abstract Source: UCSF News Office

Abstract
The University of California, San Francisco is currently alerting a number of patients that their information may have been accessed by an unknown individual. In January 2008, UCSF noticed odd traffic coming from a computer in January and an investigation turned up that an unknown individual installed an unauthorized file sharing program on the computer. This computer also contained the names, Social Security numbers, dates of pathology service and health information of 2,625 UCSF patients and 944 patients whose tissue samples were used by the department. While there is no evidence the patient files were accessed, UCSF takes this incident and patient confidentiality very seriously. The university has created a hotline - 415-353-7427 - and e-mail address - PathHotline@ucsf.edu - to help answer any questions affected individuals might have.

Quick Facts

• Date: 5/6/2008
• Institution: Ohio State University Agricultural Technical Institute
• Type of Incident: Unauthorized Disclosure
• Number Affected: 192
• Source: Attrition.org
• Abstract Source: The Columbus Dispatch

Abstract
The Ohio State University Agricultural Technical Institute accidentally sent an e-mail containing personal faculty and staff information to about 680 students. The e-mail had an excel attachment that contained names, positions, salaries and Social Security numbers on 192 faculty and staff members. In a follow-up e-mail students were asked to delete the e-mail that contained the personal information. Affected staff and faculty members are being offered free credit monitoring and identity theft protection. When asked if students could be trusted to delete the e-mail OSU ATI spokesperson Frances Whited responded "Of course!"

Quick Facts

• Date: 4/23/2008
• Institution: University of Texas Health Science Center at Tyler
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,000
• Source: Attrition.org
• Abstract Source: Tyler Morning Telegraph

Abstract
The University of Texas Health Science Center at Tyler is apologizing to patients after a it discovered that medical bills sent out clearly displayed patient Social Security numbers. A technical problem at CBE Group Inc., a collections agency used by UTHSCT, caused Social Security numbers to be printed on roughly 2,000 billing envelopes. UTHSCT is not aware of exactly how many individuals were affected since multiple bills could have been sent to a single individual. While UTHSCT is confident the exposure was limited since the information was not circulating around in public areas, the hospital takes full responsibility for the incident. UTHSCT urges anyone affected by this incident to contact the hospitals billing office. According to UTHSCT COO Rob Marshall, "It was a small glitch that we absolutely own up to and want to be able to take care of anyone who has issue as a result."

Quick Facts

• Date: 4/13/2008
• Institution: University of Toledo
• Type of Incident: Unauthorized Disclosure
• Number Affected: 6,488
• Source: Attrition.org
• Abstract Source: Toledo Blade

Abstract
A mistake by a University of Toledo employee exposes employee information to all employees. An employee accidentally moved 44 files containing the personal information of 6,488 University of Toledo employees to an internal server accessible by all UT employees. The files contained payroll information including name, address and Social Security numbers. Most of the information was on employees of UT Health Science Center in 1993 and 1999. The files were discovered by an IT employee the day after they were moved to the wrong folder. While the university believes the chance of anyone accessing the information were slim, officials sent letters to all affected individuals.