Quick Facts

• Date: 1/11/2011
• Institution: University of Connecticut
• Type of Incident: Penetration
• Number Affected: 18,000
• Source: ESI
• Abstract Source: UConn University News
• Update1 Source: New Hampshire Attorney General's Office via DataBreaches.net

Abstract
The University of Connecticut is investigating how many individuals are at risk after a vendor informed them that a web site with customer data has been breached. The breach involved a UConn Co-op HuskyDirect.com customer database that contained names, email addresses, email addresses, telephone numbers, credit card numbers, credit card expiration dates and credit card security codes for 18,000 customers. UConn officials directed the vendor that ran HuskyDirect.com to take the site offline when they learned of the breach and notified law enforcement. Letters have been sent to the affected individuals, which only includes individuals that used the web site and does not affect individuals that visited the Co-op in person or students that purchased textbooks. UConn is in the process of obtaining credit monitoring services for the affected individuals. More information on the breach is available here: bookstore.uconn.edu/QandA.html.

Update1
Hackers were able to gain access to 18,059 credit cards on the UConn Co-op website by using the vendors administrative password. Fandotech, the company hired to run HuskyDirect.com, determined on January 11 that the breach had occurred in late December 2010 despite initially reporting to UConn there was no evidence of a breach. In response to the breach, UConn alerted the Manchester, CT police, the FBI, the affected card holders and the credit card issuers about the breach. As part of the response to the incident, UConn has taken the web site down, contracted with Debix to provide credit monitoring for those affected and hired Trustwave to conduct a forensic audit on the breach.

Quick Facts

• Date: 10/27/2010
• Institution: University of Connecticut
• Type of Incident: Unauthorized Disclosure
• Number Affected: 23
• Source: ESI
• Abstract Source: The Daily Campus

Abstract
The University of Connecticut recently notified several former students after personal information was discovered online. The information, a list of former students, contained the names and Social Security numbers of 23 individuals enrolled in a class in 2000. The university became aware of the incident when a former student discovered the information and contacted university officials. The list was immediately taken down. In an address to the University Senate, Provost Peter Nicholls urged faculty and staff to remove sensitive information from their computers. In addition, Nicholls outlined a plan to protect personal information which includes restricting access to sensitive information, annual training and using technology to protect vulnerable data.

Quick Facts

• Date: 8/19/2010
• Institution: University of Connecticut
• Type of Incident: Theft
• Number Affected: 10,174
• Source: DataBreaches.net
• Abstract Source: University of Connecticut

Abstract
The University of Connecticut is working to notifying individuals after the theft of a laptop containing personal information. The laptop contained the names and Social Security numbers of 10,174 current and former UConn West Hartford applicants between 2004 and 2010. The theft was discovered on August 3 after IT staff noticed the laptop was missing from a storage cabinet. In the letter to those individuals affected, UConn is offering two years of credit monitoring through Debix Identity Protection Network. UConn officials are investigating the theft to determine if all university policies were followed and if disciplinary actions are warranted.

Quick Facts

• Date: 4/22/2008
• Institution: University of Connecticut
• Type of Incident: Unauthorized Disclosure
• Number Affected: 10
• Source: Pogo Was Right
• Abstract Source: WFSB

Abstract
The University of Connecticut is currently investigating how a hard drive filled with personal pictures, documents and information was sold to a student. When Ryan Green installed the hard drive he purchased for $200 from the UConn Co-op, he discovered it contained around 10,000 pictures and 10,000 word documents as well as some sensitive information such as credit card, drivers license and passport information. Green reported this to the Campus Police who launched an investigation into the incident. In all it appears 10 individuals are affected by this incident. One of the individuals, a UConn professor, said he had given the Co-op permission to copy his hard drive when it was in for repair. Police do not expect the investigation to drag out long. According to officials, the Co-op does not resell used hard drives and the staff is cooperating fully with police.

Quick Facts

• Date: 3/31/2008
• Institution: University of Connecticut
• Type of Incident: Unauthorized Disclosure
• Number Affected: 242
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org News Release

Abstract
SSNBreach.org and the Liberty Coalition discovered yet another university sharing student information via the Internet. In this latest incident, SSNBreach.org announced that an excel file on economics professor Dr. Stiver's web site contained the names, homework scores and grades of 242 students that had enrolled in Dr. Stiver's Economics 242 course. Also included in this file were 8 digit Social Security numbers of 14 students. It appears that the university became aware of this incident before SSNBreach.org. By the time SSNBreach.org notified the university, UConn officials had already removed the files, worked with major search engines to clear the files from caches and had contacted the affected individuals. The university is offering two years of credit monitoring to affected students.