Quick Facts

• Date: 7/6/2010
• Institution: University of Hawaii, Manoa
• Type of Incident: Penetration
• Number Affected: 53,000 (40,870 Social Security numbers, 200 Credit Cards
• Source: ESI
• Abstract Source: University of Hawaii

Abstract
University of Hawaii, Manoa officials recently announced the breach of a server that contained personal information. The server, used by the university Parking Office, contained information on 53,000 people that had done business with the Parking Office between January 1998 and June 2010 including 40,870 Social Security numbers and 200 credit cards. The breach, which occurred on May 30, was discovered on June 15 during a routine security audit. According to officials the largest group affected by the incident are faculty and staff members employed in 1998. Others affected include those that purchased parking permits and visitors that hard their vehicles towed or appealed tickets between 1998 and 2010. The university has setup a web site - www.hawaii.edu/idalert - and hotline - 808-956-6000 - to help provide more information to those affected.

Quick Facts

• Date: 3/18/2010
• Institution: University of Calgary
• Type of Incident: Penetration
• Number Affected: 5,000
• Source: DataBreaches.net
• Abstract Source: Vancouver Sun

Abstract
The University of Calgary recently announced that patient records may have been exposed during a recent breach. The breach, involving a single computer that was compromised by two viruses, contained personal health information of 5,000 patients at University of Calgary's Sunridge Medical Center. While there is no evidence that the viruses, one of which would allow unauthorized access and control of the computer, exposed any information, Dr. Cathy MacLean, head of the department of family medicine, says that it is a concern. The computer in question was used to store copies of faxes, medical legal reports and billing data but did not contain electronic medical records.

Quick Facts

• Date: 3/15/2010
• Institution: Illinois State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: DataBreaches.net
• Abstract Source: Pentagraph.com

Abstract
A recent audit discovered that Illinois State University is not properly disposing of personal and sensitive information. In a recent report, Illinois Audit General Bill Holland stated auditors found employee Social Security numbers, personal health information and information on ISU credit card accounts in unsecured recycling bins and garbage cans in a number of offices. In addition, the audit points at problems in how sensitive data on old computers is handled. Greg Alt, ISU's Assistant Vice President for Finance and Planning, stated the university is working to improve the way sensitive information is destroyed.

Quick Facts

• Date: 3/6/2010
• Institution: University of Texas Southwestern Medical Center
• Type of Incident: Employee Fraud
• Number Affected: 12,000
• Source: Data Loss DB
• Abstract Source: Dallas Morning News

Abstract
The University of Texas Southwestern Medical Center is notifying patients that the might be at risk for identity theft after police discovered patient records in the possession of a former employee. The employee, Tracy Renay Thomas worked for UT Southwestern between March 2009 and September 2009, was found in possession of medical bills, Social Security numbers and insurance information on 21 former UT Southwestern patients. In response, UT Southwestern notified those 21 by telephone and is notifying 12,000 additional individuals by letter. Police discovered the information during an investigation into Thomas' boyfriend who police allege ran an identity theft ring with Thomas. According to officials, no UT Southwestern patients involved have been victimized but everyone affected is being offered one year of credit monitoring at no cost.

Quick Facts

• Date: 3/1/2010
• Institution: Bennett College
• Type of Incident: Penetration
• Number Affected: 1,100
• Source: ESI
• Abstract Source: News and Record

Abstract
Bennett College recently notified individuals after the breach of a payroll office computer. The computer contained the names, Social Security numbers, birth dates, pay rate and bank routing numbers of 1,100 employees and students. According to Bennett officials, the attacker used special software to access the computer and it is not know if the individual accessed the employee and student information. A review of the other computers in use at Bennett College did not uncover any additional breaches.