Quick Facts

• Date: 8/18/2010
• Institution: Yale University
• Type of Incident: Theft
• Number Affected: 1,000
• Source: PHIPrivacy.net
• Abstract Source: New Haven Register

Abstract
Yale University School of Medicine began notifying individuals following the theft of a laptop. The laptop, stolen from the office of a data analyst, contained clinical health information on 1,000 individuals. The laptop was password protected but not encrypted. The university is working with the Yale and New Haven police departments to investigate the theft. Individuals that are affected by the theft may contact the School of Medicine at 877-751-3361 for more information.

Quick Facts

• Date: 8/8/2007
• Institution: Yale University
• Type of Incident: Theft
• Number Affected: 10,200
• Source: ESI
• Abstract Source: Yale Daily News

Abstract
Yale University is alerting 10,000 current and former students and about 200 staff members over the exposure of Social Security Numbers following the recent theft of two Yale computers. The computers in question were stolen from the Yale College (the undergraduate program) Dean's Office. These two computers contained the names and Social Security numbers of current and former students and some staff members but did not contain any financial information. The stolen computers are password protected and Yale officials believe the risk to individuals is low since the thief was most likely after the computer hardware and not the data. These files were not maintained on these computers for any purpose but were instead overlooked during recent Yale efforts to reduce the amount of PII on personal computers.

Quick Facts

• Date: 1/9/2006
• Institution: Yale University
• Type of Incident: Impersonation
• Number Affected: Unknown
• Source: InfoSec News
• Abstract Source: Yale Daily News

Abstract

A forged e-mail address of a Yale professor was used by hackers to spread a variant of the WMF exploit. The e-mail attempts to fool recipients into clicking on an included hypertext link. The e-mail is from a factious "Professor Robert Gordens" and asks the recipients for help in catching a graffiti vandal. Yale has not been linked to this WMF attack but has already received over 30 complaints from British citizens.

Quick Facts

• Date: 8/14/2002
• Institution: Yale University
• Type of Incident: Penetration
• Number Affected: 11
• Source: INFOSEC Year In ReviewNewsScan
• Abstract Source: NewsScan via INFOSEC Year In Review

Abstract

Princeton University has admitted that its admissions personnel hacked into rival Yale's computer system to check on the applications status of 11 students who also had applied to Princeton. The university has suspended with pay its associate dean and director of admissions, and a spokeswoman expressed deep regret "that information provided by students in good faith to the university was used inappropriately by at least one official in our admissions office." The perpetrator(s) apparently were easily able to access the students' records via the publicly available Yale.edu Web site because they already had the students' passwords -- the names, Social Security numbers and dates of birth they had provided on their Princeton applications. The site had been set up with a feature that enabled students to check on the status of their applications themselves. The founder of one electronic-rights group noted that while Princeton's actions clearly were wrong, it was foolish of Yale to rely on Social Security numbers and birth dates to secure student data. "It's not enough to have a weak Web site and depend on the good ethical behavior of others not to penetrate it," he said. "Similarly, it is not dequate to say that just because you found the weak Web site you should go ahead and penetrate it." (Wall Street Journal 26 July2002)

[Abstract taken directly from INFOSEC Year In Review]