Quick Facts

• Date: 9/7/2010
• Institution: University of Nebraska-Lincoln
• Type of Incident: Student Misconduct
• Number Affected: 1
• Source: ESI
• Abstract Source: Journal Star

Abstract
The University of Nebraska-Lincoln is revamping security measures after a student allegedly hacked into registration system. Mauricio Martinez Eusso is thought to have guessed the password to his ex-girlfriend's account and used the access to change her password and drop her from three courses. Eusso’s former girlfriend said that Eusso has been harassing her and accessign her bank and student accounts since they broke up. While the hacking incident resulted because of Eusso’s personal knowledge of the victim and not any inherent security flaw, UNL has instituted minor changes to the registration system, called MyRED. According to officials, the system will now lock accounts after five failed password attempts and email users when their password has been changed.

Quick Facts

• Date: 12/4/2009
• Institution: University of Nebraska Lincoln
• Type of Incident: Penetration
• Number Affected: 4,000
• Source: DataLossDB.org
• Abstract Source: The Doings Clarendon Hills

Abstract
The University of Nebraska Lincoln began notifying high school graduates after discovering a security breach involving a computer containing personal information. The server, used as part of a student the university was conducting on the practices of school districts and standardized test performances, contained the names, Social Security numbers and ACT test score information on 4,000 high school graduates between 2002 and 2005. The information was gathered from the ACT organization with the permission of the Hinsdale High School District 86, Glenbard District 87 and schools in South Sioux City. An investigation into the incident discovered the computer was not adequately secured which allowed unauthorized external access to the computer and the information. In the letters sent to the 4,000 individuals, the university is offering one year of LifeLock identity theft protection.

Quick Facts

• Date: 7/2/2008
• Institution: University of Nebraska at Kearney
• Type of Incident: Penetration
• Number Affected: 2,035
• Source: ESI
• Abstract Source: NTV

Abstract
The University of Nebraska at Kearney has begun sending letters to former students after nine computers where discovered to have been compromised by an unknown individual. These computers, located in the College of Natural and Social Sciences contained information on advisees in the Department of History in 2002 and 2003, deciding students in Fall 2001 and Fall 2002, and students in the online Master of Science in Biology program since Spring 2005 including 2,035 student Social Security numbers. According to university officials, no academic records were affected. The university has created a web site - www.unk.edu/securityincident/ - and a hotline - 308-865-8950 - where concerned individuals can get more information. On the web site, the university recommends that students affected by this incident place fraud alerts on their credit reports.

Quick Facts

• Date: 5/22/2008
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 290
• Source: Pogo Was Right
• Abstract Source: NTV

Abstract
The University of Nebraska-Lincoln recently announced that it discovered that student information was available through a university web site. The site, which belonged to a math professor, had the names and Social Security numbers of 290 (66 full SSNs and 224 partial SSNs) students dating back to 2000. According to the university, the professor was using them to student identifiers, a practice UNL moved away from last year. According to UNL Vice Chancellor Chris Jackson, the professor, Steven Dunbar, was not aware that the information would be so readily available.

Quick Facts

• Date: 2/7/2007
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 72
• Source: Attrition.org
• Abstract Source: Omaha World-Herald

Abstract
University of Nebraska-Lincoln officials have announced that the university recently discovered the names and Social Security numbers of 72 employees, faculty and students were accessible online. This information was posted to an unsecured web site by a UNL employee over two years ago. The university was notified that this information was publicly accessible Monday, and quickly moved to remove the information from the university's web site. UNL officials are taking this exposure very seriously, and have already mailed out letters to the 66 students, 4 staff and 2 faculty members affected by this incident. In this letter UNL instructs these individuals where they can go to monitor their credit reports and what to look for in terms of suspicious credit activity. While the university does monitor its public web sites for Social Security numbers, these 72 went unnoticed because they did not contain the two dashes ("-") commonly found in Social Security numbers.