Quick Facts

• Date: 11/7/2007
• Institution: Montana State University
• Type of Incident: Theft
• Number Affected: 216
• Source: ESI
• Abstract Source: Billings Gazette

Abstract
Quickly following the excel file incidents, Montana State University discovered that a Residence Life laptop containing personal information had been stolen somewhere off-campus. The laptop contained the names and Social Security numbers of 216 MSU staff and students that lived in on-campus housing from 1998-2007. There was no encryption used on the laptop. In letters sent to the affected staff and students, MSU urges them to closely monitor their credit reports for fraudulent activities, but the university has not offered to pay for any credit protection services at this point. the MSU Residence Life office is working to remove all sensitive personal information from portable devices to help prevent this type of incident in the future.

Quick Facts

• Date: 11/7/2007
• Institution: Montana State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 55
• Source: ESI
• Abstract Source: Billins Gazette

Abstract
On November 2, Montana State University received a tip from an independent security analyst that an excel file publicly available on an MSU web site. The file contained the names and Social Security numbers of 42 MSU employees, mostly summer 2006 new hires. MSU immediately removed the file after it received the tip. However, while investigating this incident, MSU staff came across another excel file containing personal information. This file, available through the Department of Computer Science web site since 2002, contained travel voucher information, including Social Security numbers, on 13 staff members. Again, the university immediately removed the file from the web site.

Quick Facts

• Date: 10/12/2007
• Institution: Montana State University
• Type of Incident: Penetration
• Number Affected: 1,400 (encrypted)
• Source: ESI
• Abstract Source: Montana State University News

Abstract
Montana State University is working to alert students after an unknown individual(s) breached a university server. The server, part of the MSU Extended University, contained credit card numbers, names and Social Security numbers of students enrolled in Extended University courses over the past two years. MSU immediately took the server off-line as soon as the breach was discovered. In letters to affected students, the university points out that the data on all 1,400 students was encrypted and there is little chance the unknown individual was able to gain access to this sensitive information. However, the university recommends that students pay close attention to their credit reports as a precaution. MSU has setup a hotline - 406-994-6550 - and a web site - eu.montana.edu/security - to help answer any questions about the incident.