Educational Security Incidents (ESI)

Quick Facts

• Date: 4/3/2008
• Institution: University of Oklahoma
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Norman Transcript

Abstract
University of Oklahoma student Jose Antonio Roman, 19, was charged in court Tuesday with violating the Oklahoma Computer Crimes Act. Allegedly Roman used his dorm room connection to break into other students accounts and cause havoc. Roman is accused of using his laptop and ARP poisoning to monitor dorm network traffic which allowed him to record students' usernames and passwords for online services such as e-mail and Facebook. Roman allegedly used this information to log into these accounts and change passwords, alter pictures, etc.

Quick Facts

• Date: 2/27/08
• Institution: Salt Lake Community College
• Type of Incident: Theft
• Number Affected: 1,000
• Source: ESI
• Abstract Source: Salt Lake Tribune

Abstract
Salt Lake Community College has contacted more then 25,000 individuals after it discovered that a stolen laptop may contain usernames and passwords. According to officials, the laptop, stolen from the SLCC's Continuing Community Education office, could contain the login information on up to 1,000 students, faculty and staff members. The login information would allow and individual to access SLCC's "My Page" system which contains information suchw as Social Security numbers and financial information. Within a few hours of the theft, SLCC staff began contacting individuals, urging them to change their "My Page" passwords.

Quick Facts

• Date: 2/19/2008
• Institution: Harvard University
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Harvard Crimson
• Update Source: The Harvard Crimson

Abstract
Harvard University's Graduate School of Arts and Sciences (GSAS) is dealing with an attack on an GSAS web site. Over the weekend, an unknown individual was able to compromise an unsecured web site and steal files containing sensitive information such as the administrators username and password, web site databases , web site backups and even a contact database. This information was then posted to Pirate Bay, a popular P2P web site. The 125MB torrent file, which already had 30 seeders and 16 leechers by 8pm last night, was accompanied by a statement claiming that the attack was a demonstration that the GSAS administrator did not know how to properly secure a web site.

Update1: It seems the compromise of the Graduate School of Arts and Sciences web site could have exposed the personal information on up to 10,000 individuals including 6,000 Social Security number and 500 Harvard University student ID numbers. Harvard officials began notifying students after an investigation determined that Harvard could not determine whether or not personal information was exposed. Given this, the university decided to alert students and applicants and offer free credit monitoring through Kroll, Inc.

Quick Facts

• Date: 1/23/2008
• Institution: Baylor University
• Type of Incident: Penetration
• Number Affected: 526
• Source: Pogo Was Right
• Abstract Source: The Lariat

Abstract
Baylor University is alerting its campus community that a student employee illegally gained access to Baylor Information Network (BIN) accounts over the break. The student was able to obtain the Bear ID and passwords of 526 individuals logging into the BIN system. While Baylor's Director of Media Communications, Lori Fogleman, stated the access did not include "sensitive information like Social Security Numbers, financial information or academic records," it should be noted that the BIN accounts did allow direct access to both the Baylor e-mail and Blackboard systems. Each of these systems could potentially hold sensitive and/or protected information. Baylor staff immediately expired affected account, forcing a password change for these individuals. The university declined to comment on how the university became aware of the breach or what actions the university or the FBI plan to take against the student worker.

Quick Facts

• Date: 1/18/2008
• Institution: Colorado State University
• Type of Incident: Unauthorized Exposure
• Number Affected: 300
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org Press Release

Abstract
SSNBreach.org announced that it found four files on a Colorado State University web site containing the personal information on 300 students. These files contained 208 Social Security numbers, usernames and passwords on former Colorado State Warner College of Natural Resources students. The files appear to have been created between 2000 and 2004. The files were removed immediately after notification. Colorado State University Associate Director of Academic Computing & Networking Services Scott Baily stated, "Colorado State University takes personal privacy very seriously, and has policies against maintaining unencrypted files containing sensitive information. Indeed, last year we undertook a campus-wide SSN purge activity, where University-owned computers were scanned in an attempt to remove all files containing sensitive information.... I have contacted Yahoo, the only search engine that we can confirm had these files in their cache.... A total of 114 unique SSNs are involved. CSU has initiated a course of action to notify the affected parties to the extent possible."