Quick Facts

• Date: 9/29/2010
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 239
• Source: ESI
• Abstract Source: University of Florida News

Abstract
The University of Florida recently announced the accidental exposure of former student information on a web-accessible archive setup by a faculty member in 2003. The archive, with information from a 2003 University of Florida computer science class, contained the names and Social Security numbers of 239 former UF students. The archive was discovered last month and immediately removed from the server. Currently, it is not known if the information was accessed or used. The University of Florida phased out Social Security numbers as student IDs in 2003. The web site will not be re-enabled in the same form. Current UF policy only allows posting of grades through the university's secure e-learning course management system. Individuals that were affected are urged to follow the instructions in the notification letter, however individuals with questions can contact UF's Privacy Office at 1-866-876-HIPA.

Quick Facts

• Date: 9/1/2010
• Institution: University of Florida
• Type of Incident: Theft
• Number Affected: 8,300
• Source: ESI
• Abstract Source: My Fox Orlando, University of Florida

Abstract
The University of Florida is working to notify individuals after the theft of a laptop that belonged to a program affiliated with the university. The laptop contained the names, Social Security numbers and some Florida driver's license numbers on 8,300 P.K. Yonge students and employees dating back to 2000. The laptop was stolen on July 23 from a P.K. Yonge Development Research School employee's rental car while in San Francisco. The theft was originally reported to the California police and later reported to the University of Florida Police Department. P.K. Yonge staff are taking steps to prevent similar problems in the future by installing encryption software on laptops. In the letter to those affected, university officials recommend they monitor their credit reports for signs of identity theft. The University of Florida has setup a web site - privacy.ufl.edu/incidents/2010/pkyonge - with more information on the incident.

Quick Facts

• Date: 7/6/2010
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,047
• Source: ESI
• Abstract Source: University of Florida News Release

Abstract
University of Florida officials recently notified individuals after letters about a research study contained personal information on the labels. The letters, inviting individuals to participate in a College of Medicine’s Department of Epidemiology and Health Policy Research research study, contained the names, and Social Security numbers or Medicaid identification numbers of 2,047 individuals. The personal information was accidentally included on the mailing labels affixed to the letters. Instead of personal information, the labels were supposed to include randomly generated numbers to help a telephone survey company verify interested participants. The survey company, Macro International Inc has made plans to purge the personal information from their systems. In total, 647 labels included Social Security numbers and the rest contained Medicaid identification numbers.

Quick Facts

• Date: 9/14/2009
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 34
• Source: DataBreaches.net
• Abstract Source: University of Florida News

Abstract
The University of Florida announced a recently discovered security breach of personal information. The breach involved a file containing the 34 names and 25 Social Security numbers of trainers working with the Florida Traffic and Bicycle Safety Education program in 2006. The file the unsecured file was removed as soon as it was discovered by university techs during a routine security check. While the file was last modified in 2006, the university believes that the risk to personal information is low. The university has setup a web site - privacy.ufl.edu/ - and hotline - 877-657-9133 - to help answer questions about the incident.

Quick Facts

• Date: 2/19/2009
• Institution: University of Florida
• Type of Incident: Penetration
• Number Affected: 97,200
• Source: ESI
• Abstract Source: University of Florida News

Abstract
The University of Florida is working to notify current and past students, faculty and staff after staff discovered a server breach. The "Grove" server hosted course documentation and course documentation containing files with the names and Social Security numbers of up to 97,200 individuals. UF staff discovered the breach on Jan 14 during routine IT system review. The computer was shut down and the UF launched an investigation. While the investigation was able to confirm unauthorized access had occurred, staff were not able to determine if the files containing private information had been accessed. In a letter (pdf) to the individuals affected by the breach, UF calls the risk of identity theft low but suggests people follow FTC guidelines. The University of Florida has created a web site - privacy.ufl.edu/incidents/2009/academic-technology - with more information on the breach.