Quick Facts

• Date: 6/29/2010
• Institution: University of Maine
• Type of Incident: Penetration
• Number Affected: 4,585
• Source: Data Loss DB
• Abstract Source: The Maine Campus
• Update1 Source: Bangor Daily News
• Update2 Source: The Maine Campus

Abstract
The University of Maine recently announced that the breach of two servers could place student information at risk. The servers, belonging to the university's Counseling Center, contained the names, Social Security numbers and clinical information for 4,585 students that attending the center between August 2002 and June 2010. According to Robert Dana, University of Maine's Dean of Students, the first breach of the servers may have occurred early in March 2010 and the attackers used this access to compromise a second server containing the student information. Dana called university and college networks "prime targets" for attack and stated that the University of Maine is under "literally thousands of [attack] attempts per day." While the university works with Debix to notify affected individuals and offer one year of credit monitoring, the University of Maine Police are investigating the incident with assistance from US Attorney's Office and the US Secret Service. More information is available at http://umaine.edu/informationcenter/

Update1
The University of Maine system recently briefed the Board of Trustees on a plans to improve data security at all seven campuses following the breach of the counseling center over the summer. The Strategic Information Security Plan calls for $860,000 a year over three years to "... address IT problems when they arise and prevent ongoing vulnerabilities by putting additional protections in place" according to Vice Chancellor for Finance and Administration Rebecca Wyke. In additional to the increased spending, the costs of the original breach was about $130,000.

Update2
An interview with the Maine Police Department officer heading the investigation into the breach of the University of Maine's Counseling Center computer revealed that none of the affected students have reported any identity theft. While the investigation is still ongoing, Officer Bill Mitchell has not found any new evidence that would be cause for alarm. Mitchell praised the efforts of the University of Maine's Information Technology department in improving security measures and he plans to have the investigation concluded by the summer.

Quick Facts

• Date: 11/13/2008
• Institution: University of Maine
• Type of Incident: Penetration
• Number Affected: 200
• Source: ESI
• Abstract Source: WCSH6, Bangor Daily News

Abstract
The University of Maine announced the arrest of a former student charged with illegally accessing hundreds of student email accounts. Following a three week investigation by the University of Maine campus police, the Maine State Police Computer Crimes Task Force and the United States Secrete Service charged former UMaine business student James Wieland with one count of aggravated criminal invasion of computer privacy. The university believes that Wieland is responsible for distributing a downloadable game through email that contained a trojan key logging program. Wieland allegedly sent the email to over 1,000 student email address and had gained access to over 200 accounts as a result. The university became aware of the incident after two students received emails from each other while riding on an airplane together. It is not known why Wieland wanted access to these accounts.