Educational Security Incidents (ESI)

Quick Facts

• Date: 7/2/2008
• Institution: University of Nebraska at Kearney
• Type of Incident: Penetration
• Number Affected: 2,035
• Source: ESI
• Abstract Source: NTV

Abstract
The University of Nebraska at Kearney has begun sending letters to former students after nine computers where discovered to have been compromised by an unknown individual. These computers, located in the College of Natural and Social Sciences contained information on advisees in the Department of History in 2002 and 2003, deciding students in Fall 2001 and Fall 2002, and students in the online Master of Science in Biology program since Spring 2005 including 2,035 student Social Security numbers. According to university officials, no academic records were affected. The university has created a web site - www.unk.edu/securityincident/ - and a hotline - 308-865-8950 - where concerned individuals can get more information. On the web site, the university recommends that students affected by this incident place fraud alerts on their credit reports.

Quick Facts

• Date: 5/22/2008
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 290
• Source: Pogo Was Right
• Abstract Source: NTV

Abstract
The University of Nebraska-Lincoln recently announced that it discovered that student information was available through a university web site. The site, which belonged to a math professor, had the names and Social Security numbers of 290 (66 full SSNs and 224 partial SSNs) students dating back to 2000. According to the university, the professor was using them to student identifiers, a practice UNL moved away from last year. According to UNL Vice Chancellor Chris Jackson, the professor, Steven Dunbar, was not aware that the information would be so readily available.

Quick Facts

• Date: 2/7/2007
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 72
• Source: Attrition.org
• Abstract Source: Omaha World-Herald

Abstract
University of Nebraska-Lincoln officials have announced that the university recently discovered the names and Social Security numbers of 72 employees, faculty and students were accessible online. This information was posted to an unsecured web site by a UNL employee over two years ago. The university was notified that this information was publicly accessible Monday, and quickly moved to remove the information from the university's web site. UNL officials are taking this exposure very seriously, and have already mailed out letters to the 66 students, 4 staff and 2 faculty members affected by this incident. In this letter UNL instructs these individuals where they can go to monitor their credit reports and what to look for in terms of suspicious credit activity. While the university does monitor its public web sites for Social Security numbers, these 72 went unnoticed because they did not contain the two dashes ("-") commonly found in Social Security numbers.

Quick Facts

• Date: 03/29/2006
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 342
• Source: Attrition.org
• Abstract Source: Technology Marketing Corporation

Abstract
The University of Nebraska-Lincoln is tightening its information security posture after it was discovered that the Google search engine's Google Cache service had stored a UNL College of Engineering Web page that contained information. This page was used in 2004 by the College of Engineering to track student information contained student names, e-mail address, Social Security numbers and grade point averages. UNL had removed this page from its servers earlier in 2006, but Google Cache had already indexed the page.