Educational Security Incidents (ESI)

Quick Facts

• Date: 5/30/2007
• Institution: University of Iowa
• Type of Incident: Penetration
• Number Affected: 946
• Source: Pogo Was Right
• Abstract Source: Iowa Press-Citizen, Iowa Press-Citizen

Quick Facts
The University of Iowa is alerting 946 current and former Center of Disabilities and Development employees following a recent computer breach. The university discovered that a computer application containing employee information such as dates of birth and Social Security numbers was accessed by an unknown, external individual before March 2008. The university is currently investigating the incident and has alerted the FBI.

Quick Facts

• Date: 3/25/2008
• Institution: University of Iowa
• Type of Incident: Unauthorized Disclosure
• Number Affected: 9
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org News Release

Abstract
SSNBreach.org announced today that it had discovered two files containing protected student information on the University of Iowa's Computer Science Department web site. The files in question contained the names, grades and partial Social Security numbers of nine students enrolled in the university's Summer 2001 22c-112 course. The files, which are dated November 2001 on the server, were removed immediately by the university but remained available through search engine caches through March 2008.

Quick Facts

• Date: 2/4/2008
• Institution: University of Iowa
• Type of Incident: Unauthorized Disclosure
• Number Affected 321
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org Press Release

Abstract
An excel file on the web site of the College of Engineering's Student Development Center contained sensitive information on 321 University of Iowa students. The spreadsheet contained student names, GPAs, e-mail address, student IDs, and 215 Social Security numbers. Most of the students affected were those that applied for graduation in the Spring 2006 semester. The file has been online since March 15, 2006.

Quick Facts

• Date: 1/11/2008
• Institution: University of Iowa
• Type of Incident: Unauthorized Disclosure
• Number Affected: 216
• Source: Attrition.org
• Abstract Source: The Press-Citizen

Abstract
The University of Iowa has notified 216 former College of Engineering after student information was found publicly available on the Internet. The information exposed includes Social Security numbers and other personal information but does not include any financial information. According to Jane Drews, the university's Information Technology Security Officer, "Although the students affected are at minimal risk for identity theft or any kind of abuse of their personal information, it.s in keeping with our policy to let them know that this incident occurred and to suggest they be proactive in protecting their financial information."

Quick Facts

• Date: 10/8/2007
• Institution: University of Iowa
• Type of Incident: Theft
• Number Affected: 184
• Source: ESI
• Abstract Source: Iowa City Press-Citizen

Abstract
The University of Iowa is contacting 184 former and current students after a laptop belonging to a former UI Teaching Assistant was stolen. The computer, stolen from Tuomas Manninen's home, contained student names and grade information as well as about 100 student Social Security Numbers of students taking philosophy classes between 2002 and 2004. According to UI Information Technology Security Officer Jane Dews, the threat of identity theft is minimal since Manninen "buried the files in his directory structure and obfuscated the social security numbers." UI Philosophy department chairman David Stern is working to contact all of the affected students and is willing to talk with these students about the incident. According to the university, Manninen reported the September 15 theft to the University after filing a local police report in the Arizona city where Manninen now resides. UI has setup two web pages with more information, the first is for students who's SSNs were not in the files and the second is for those students who's SSNs were exposed.