Quick Facts

• Date: 2/25/2011
• Institution: Imperial College London
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Live!

Abstract
The Department of Computing at Imperial College London recently warned staff and students that all users will need to change their passwords following a server breach. The breach affected a linux server at the college that is used in the network login process. In response to the breach, college staff shut down two servers, "shell1" and "shell2", and sent a notice to users that everyone will need to change their passwords by 5PM GMT on February 25, 2011. Users that fail to changes their passwords by this deadline will have their accounts locked and will not be allowed to access any college services.

Quick Facts

• Date: 12/18/2010
• Institution: Stony Brook University
• Type of Incident: Student Misconduct
• Number Affected: 61,101
• Source: DataBreaches.net
• Abstract Source: Stony Brook Independent

Abstract
Stony Brook University is investigating how files containing student and faculty information ended up online. The file in question contained the names, usernames and University IDs of 61,101 students and faculty but did not contain any password or Social Security number information. The file was uploaded to sbuchat.com, a web site for “anonymous discussion and exchange of options of Stony Brook University students.” In an interview with the file-poster (who refused to be named), the file-poster compiled the file last May after discovering an exploit in a Stony Brook system that would allow someone to change passwords without knowing the original password. The exploit also allowed the file-poster to access a list of all registered faculty and students. According to Richard Reeder, Stony Brook’s CIO, two students did report the a problem like the one described by the file-poster and the flaw was fixed within a few hours. According to the file-poster, the original plan did not include posting the file publicly. However, after the sbuchat.com community demanded proof the list existed or be dismissed the file was posted in PDF and Excel formats.

Quick Facts

• Date: 9/7/2010
• Institution: University of Nebraska-Lincoln
• Type of Incident: Student Misconduct
• Number Affected: 1
• Source: ESI
• Abstract Source: Journal Star

Abstract
The University of Nebraska-Lincoln is revamping security measures after a student allegedly hacked into registration system. Mauricio Martinez Eusso is thought to have guessed the password to his ex-girlfriend's account and used the access to change her password and drop her from three courses. Eusso’s former girlfriend said that Eusso has been harassing her and accessign her bank and student accounts since they broke up. While the hacking incident resulted because of Eusso’s personal knowledge of the victim and not any inherent security flaw, UNL has instituted minor changes to the registration system, called MyRED. According to officials, the system will now lock accounts after five failed password attempts and email users when their password has been changed.

Quick Facts

• Date: 9/6/2010
• Institution: Eastern Michigan University
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: DataBreaches.Net
• Abstract Source: AnnArbor.com, AnnArbor.com

Abstract
Eastern Michigan University sent a campus-wide email concerning the a server breach discovered over the weekend. During routine monitoring on Saturday EMU's IT staff discovered that a server was compromised around 11:30PM on Friday. The server in question controls my.emich passwords and Banner Self Service PIN codes for both students and employees. EMU officials decided to issue the notice to all of campus since the login information on this server may allow additional access to EMU systems containing personal and banking information. While officials believe the risk of secondary access is minimal, the email urges caution especially for those employees with direct deposit. People with questions or information as asked to contact the Help Desk at helpdesk@emich.edu or 734-487-2120.

Quick Facts

• Date: 12/11/2009
• Institution: Daytona State College
• Type of Incident: Penetration, Impersonation
• Number Affected: 1
• Source: ESI
• Abstract Source: Daytona Beach News-Journal (via Google Cache)

Abstract
Daytona Beach Police are investigating the breach of Daytona State College's email system after the system was used to send out three bomb threats. The bomb threat emails were sent from the hacked system to one of the college's adjunct professors. The emails, which originated from an account belonging to an employee on the Daytona Beach campus, contained references to bombs and a threat to "blow this school up, and kill everyone till they are gone". According to John Banker, the college's security supervisor, the employee was not responsible and someone had hacked into her account. Daytona State College does not feel this is a viable but is taking steps to locate the person responsible.