Duke University
Duke University Professor Places New York University Student Information On Web
Quick Facts
- Date: 5/20/2008
- Institution: Duke University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 273
- Source: Pogo Was Right
- Abstract Source: The News & Observer
Abstract
Duke University recently notified a number of former New York University students that their information was accessible to the Internet on a Duke professor's web site. The information, which included 273 names and Social Security numbers, was available from July 2007 through April 2008. According to a Duke spokesperson, this incident affected student the unnamed professor taught back in 1997 before joining Duke and the information was part of the professor's research data. Duke officials state that to find the information an individual would have had to search for the student's name and a Social Security number code to find the information. At this point, there is no evidence of any unauthorized access of the information. Duke removed the data from its server within 30 minutes of being notified and had the files removed from search engine caches within hours. Duke University worked with New York University to obtain the addresses of the affected students.
Duke Mailing List Archive Contained Graduate Application Data
Quick Facts
- Date: 3/7/2008
- Institution: Duke University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 221
- Source: Pogo Was Right
- Abstract Source: Triangle Business Journal
Abstract
Duke University recently discovered that graduate applicant data was available to public via an mailing list archive found online. The mailing list, accidentally left open to the public, contained the names, e-mail address and GPA scores of 221 applicants to the university's Physics program. According to the university, the information was available online for roughly three weeks. As soon as the university became aware of the problem the mailing list archive was secured and the university contacted major search engines to remove the information from caches. The university also sent letters to all affected applicants in which the head of the physics department expressed regret over the incident and said that multiple steps were being taken to ensure this does not happen in the future.
Duke Law School Web Site Illegally Accessed
Quick Facts
- Date: 12/4/2007
- Institution: Duke University
- Type of Incident: Penetration
- Number Affected: 2,300 (1,400 Social Security numbers)
- Source: ESI
- Abstract Source: Duke University Office of News & Communications
Abstract
Duke University is alerting a number of students after an individual(s) illegally gained access to the Duke University Law School web site which contained sensitive personal information on individuals that requested application information from the Law School. The web site contained the personal information on 2,300 potential applicants including name, home address, telephone number, e-mail address, username and password for the site, and the Social Security numbers of 1,400 applicants. Duke University urged the 1,400 applicants whose Social Security numbers were exposed to closely monitor their credit reports for fraudulent activity.
