Quick Facts

• Date: 10/28/2010
• Institution: University of Hawaii West O’ahu, University of Hawaii Manoa
• Type of Incident: Unauthorized Disclosure
• Number Affected: 40,101
• Source: National ID Watch
• Abstract Source: National ID Watch, University of Hawaii West O’ahu News Release
• Update1 Source: Star Advertiser

Abstract
The University of Hawaii West O’ahu is notifying former students from both West O’ahu and the University of Manoa after personal information was discovered online. The information, discovered by Aaron Titus, Information Privacy Director for the Liberty Coalition which runs National ID Watch, was posted on a UH West O’ahu website for almost a year and contained the names, Social Security numbers, addresses, dates of birth and detailed educational information on 40,101 students. Individuals that attended the UH Manoa between 1990 and 1998 or in 2001 and individuals that attended UH West O’ahu in Fall 1994 or graduated between 1988 and 1993 may be affected. The information was part of a longitudinal study of UH students and the information was placed online in 2009. Titus found the information using Google and notified the the university, which removed the offending files shortly after being notified. UH West O’ahu has setup a web site with more information on the breach here: www.uhwo.hawaii.edu/idalertfaq.

Update1
The University of Hawaii is asking for nearly $2 million to improve security and reduce the chance of a future incident in the wake of a Liberty Coalition report (PDF) showing that UH is responsible for 54% of all breaches in Hawaii since 2005. The $1.9 million will go toward hiring a five person Web security team to monitor the 600 web servers across the 10 campuses and to purchase data loss and malware prevention software. UH will also need an addition $764,000 annually to maintain and operate the new security measures.

Quick Facts

• Date: 7/6/2010
• Institution: University of Hawaii, Manoa
• Type of Incident: Penetration
• Number Affected: 53,000 (40,870 Social Security numbers, 200 Credit Cards
• Source: ESI
• Abstract Source: University of Hawaii

Abstract
University of Hawaii, Manoa officials recently announced the breach of a server that contained personal information. The server, used by the university Parking Office, contained information on 53,000 people that had done business with the Parking Office between January 1998 and June 2010 including 40,870 Social Security numbers and 200 credit cards. The breach, which occurred on May 30, was discovered on June 15 during a routine security audit. According to officials the largest group affected by the incident are faculty and staff members employed in 1998. Others affected include those that purchased parking permits and visitors that hard their vehicles towed or appealed tickets between 1998 and 2010. The university has setup a web site - www.hawaii.edu/idalert - and hotline - 808-956-6000 - to help provide more information to those affected.

Quick Facts

• Date: 2/1/2010
• Institution: University of Hawaii
• Type of Incident: Penetration
• Number Affected: 35
• Source: DataBreaches.net
• Abstract Source: University of Hawaii Report to the Legislature (via DataBreaches.net)

Abstract
The University of Hawaii notified students after a computer containing credit card information was discovered to have been compromised. The computer, a desktop computer in the UH Pacific Aviation Training Center, was used to store student names and credit card numbers against policy as a “connivance” to the students. The compromise was discovered by a PATC employee and reported to the FBI on February 4, 2010. An investigation discovered that the computer was breached by another PATC computer that is used by faculty, staff and students in a planning and maps room. In total, 35 individuals have been identified as affected by this incident.