Quick Facts

• Date: 5/6/2011
• Institution: Central Oregon Community College
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: KTVZ

Abstract
Central Oregon Community College recently notified users after taking the college's web site down following a two security breaches. According to notices sent by COCC officials, the web site was taken down on Wednesday and then again on Thursday following security breaches of the site on both days. While originally COCC did not believe any personal information was at risk, additional investigation showed the attacker(s) may have had accesses to 2011 COCC nursing program applicant data and 2012 COCC Foundation scholarship data. According to the notices sent to students in each of these groups, the applications did not contain credit card or Social Security numbers, but did contain email addresses and COCC ID numbers. According to the college, investigations are still ongoing to make sure no additional personal or sensitive information is at risk following the breaches. COCC is working with local and federal law enforcement during the investigation.

Quick Facts

• Date: 4/18/2011
• Institution: Central Ohio Technical College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 617
• Source: ESI
• Abstract Source: The Columbus Dispatch

Abstract
Central Ohio Technical College recently notified students after educational records were discovered in a file cabinet at an area storage facility. The cabinet, found at the Apple Tree Auction Center, contained course registration cards containing the names and Social Security numbers of 617 students registered for classes in Fall 2010. The cabinet was accidentally sent to storage when the college moved the Student Records office. Since January 2011, the college no longer records Social Security numbers on course registration cards. According to Central Ohio Technical College spokeswoman Alice Hutzel-Bateson, the records were back in the college's possession within 24 hours. The college is offering 12 months of free credit monitoring to those affected by this accident. Students with questions are asked to contact the college's Registrar Jackie Stewart at 740-364-9599.

Quick Facts

• Date: 4/14/2011
• Institution: National University of Ireland, Galway
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: DataBreaches.net
• Abstract Source: NUI Galway Notice

Abstract
The National University of Ireland, Galway recently announced that a file containing personal student information was accidentally made available. The file contained the names, student ID numbers, email address, and mobile phone numbers of students from 2008. The data was exposed after a security issue with the NUI Galway Clubs and Societies computer housing the file and the university believes the file was accessed multiple times between September 2008 and December 2009. The university setup a hotline - 091 492852 - to help answer questions those affected might have.

Quick Facts

• Date: 3/14/2011
• Institution: University of York
• Type of Incident: Unauthorized Disclosure
• Number Affected: 17,904
• Source: ESI
• Abstract Source: Nouse - University of York's Student Website

Abstract
The University of York is apologizing after a university website may have exposed personal student information. It was recently discovered that a student inquiry screening function enabled on the University of York web site disclosed personal details such as names, mobile phone numbers, home and university addresses, dates of birth, email addresses, and emergency contact information for 17,094 undergraduate, post-graduate and part-time students. The information was available to the general public and could be retried by entering as little as initials or course information. According to Stephen Town, University of York's Director of Information, the university rectified the situation as soon as it was notified and has notified the Information Commissioner about the breach. The university apologized for the incident and has launched an investigation to fully review data security at the university.

Quick Facts

• Date: 1/18/2011
• Institution: University of Sydney
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: DataBreaches.net
• Abstract Source: The Age, Sydney Morning Herald, Sydney Morning Herald, Sydney Morning Herald

Abstract
The University of Sydney is working to respond to a complicated situation discovered after a hacker defaced the university's main website and emailed the defacement to all students. While investigating how the front page of the university's website was defaced, detailed records on former and current students were discovered to be publicly available. The records, part of invoices generated for students using the Higher Education Contribution, contain student names, addresses, email addresses, enrolled courses and course costs. University of Sydney Vice-Chancellor Michael Spence confirmed, in a letter to students, that the university had been made aware of the data breach back in 2007 and the problem had been corrected. However, according to Spence, a software update at some point inadvertently removed the fix and exposed the student information once more. As a result of the breach, New South Wales acting Privacy Commissioner John McAteer has launched an investigating into the University of Sydney incident to determine if the university had violated the NSW Privacy and Personal Information Act of 1998.