Quick Facts

• Date: 9/2/2010
• Institution: University of Virginia College at Wise
• Type of Incident: Penetration
• Number Affected: N/A
• Source: DataBreaches.net
• Abstract Source: Krebs On Security
• Update1 Source: Highland Cavalier

Abstract
Well known computer security journalist Brian Krebs has learned that computer criminals have stolen almost $1,000,000 from the University of Virginia College at Wise last week. It appears that the thieves used a virus to steal the online banking credentials from the comptrollers computer. The thieves used this access to transfer $996,000 from the university's accounts at BB&T Bank to the Agricultural Bank of China. When contacted by Krebs, Kathy Still, UVA Wise Director of News and Media Relations, would only state that the school was investigating the incident and no student data was at risk.

Update1
It appears that the money stolen from UVa Wise has been recovered by the university. According to the college's Director of News and Media Relations Kathy Still, officials were able to catch the theft early on and no funds have been lost.

Quick Facts

• Date: 4/16/2008
• Institution: University of Virginia
• Type of Incident: Theft
• Number Affected: 7,000
• Source: ESI
• Abstract Source: DailyProgress.com

Abstract
The University of Virginia worked quickly to mail out notification letters after it became aware of the theft of a laptop that contained sensitive personal data. The laptop contained a confidential file that held names and Social Security numbers of 7,000 UVa students, faculty and staff members. The theft occurred off-campus and is being investigated by Albemarle County Police Department. At the request of the police department, UVa has released very few details about the theft.

Quick Facts

• Date: 6/8/2007
• Institutions: University of Virginia
• Type of Incident: Penetration
• Number Affected: 5,735
• Source: ESI
• Abstract Source: UVa Today
• Update Source: UVa Press Release

Abstract
University of Virginia is alerting faculty members that their personal information may have been compromised during a recent computer security breach. It seems that unknown an individual(s) accessed a database containing faculty names, birth dates and Social Security numbers on 54 separate days between May 20, 2005 and April 19, 2007. It appears that the attacker(s) gained access to this information through a special purpose Web application that was not intended for public access. The breach was discovered during an internal computer security audit on April 20, 2007. UVa Campus Police have launched an official investigation into this matter with the help of the FBI and UVa computing and auditing professionals. While no financial information was exposed, the university is warning affected faculty members that their financial information may become compromised if the attackers use the personal information to gain access to faculty financial records. UVa has created a web site - www.virginia.edu/itincident - with more information. In addition, UVa has setup a special purpose hotline - 866-621-5948 - and a special purpose e-mail address - identity-assistance@virginia.edu - to help answer any questions current or former faculty members may have about this incident.

Update
6/11/2007 - A recent letter sent by James L. Hilton, UVa Vice President and Chief Information Office, states that the university is offering 12 months of free credit monitoring for all current and former faculty members affected by this incident. UVa has partnered with ConsumerInfo.com, an Experian company, to provide faculty members with access to the company's Triple AdvantageSM Deluxe product which promises to monitor an individuals credit report at the three major bureaus for signs of suspicious and/or fraudulent activity.

Quick Facts

• Date: 12/14/2006
• Institution: University of Virginia
• Type of Incident: Unauthorized Disclosure
• Number Affected: 62
• Source: ESI
• Abstract Source: Daily Progress

Abstract
University of Virginia officials are asking all faculty to destroy any computer files or media that contain student's Social Security numbers. This move comes after the university suffers its second accidental disclosure of student SSNs. In this most recent incident, a teaching assistant accidentally e-mailed a spreadsheet containing names, grades and Social Security numbers to all 61 students in their class. While the university is in the process of phasing out the use of Social Security numbers as student identifiers, this will not happen until a new database system is installed. Currently, the university does not expect to have this new system installed and ready to use for another three years.

Quick Facts

• Date: 11/03/2006
• Institution: University of Virginia
• Type of Incident: Unauthorized Disclosure
• Number Affected: 632
• Source: Attrition.org
• Abstract Source: The Cavalier Daily

Abstract
The University of Virginia’s Student Financial Services accidentally e-mailed student names and Social Security numbers to wrong students. Instead of 1,264 e-mail alerts, SFS sent out 632 e-mails to students, the problem is that these e-mails contained the names and SSNs of the 632 students who did not receive any e-mail. While university officials say staff member immediately began correcting the computer program responsible for the leak, it has yet to send out any notification to affected students. One student, Will Rucker, did not know anything was amiss until The Cavalier Daily contacted him about the problem. UVA officials say the university will be notifying students of the error soon.