Educational Security Incidents (ESI)

Quick Facts

• Date: 03/29/2006
• Institution: University of Nebraska-Lincoln
• Type of Incident: Unauthorized Disclosure
• Number Affected: 342
• Source: Attrition.org
• Abstract Source: Technology Marketing Corporation

Abstract
The University of Nebraska-Lincoln is tightening its information security posture after it was discovered that the Google search engine's Google Cache service had stored a UNL College of Engineering Web page that contained information. This page was used in 2004 by the College of Engineering to track student information contained student names, e-mail address, Social Security numbers and grade point averages. UNL had removed this page from its servers earlier in 2006, but Google Cache had already indexed the page.

Quick Facts

• Date: 03/24/2006
• Institution: California State University, Dominguez Hills
• Type of Incident: Theft
• Number Affected: 2,486
• Source: Attrition.org
• Abstract Source: California State University, Dominguez Hills

Abstract
A laptop belonging to a CSU, Dominguez Hills professor was recently stolen from the professor's office. This laptop contained information on 2,486 current and potential students that were completely separate from any other CSU, Dominguez Hills database. The university has no evidence that the information contained on the laptop was the target and believe the thief was only after a computer. However, the university has created a web site - www.csudh.edu/securityinfo - for students that have questions about the theft.

Quick Facts

• Date: 3/24/2006
• Institution: Vermont State Colleges
• Type of Incident: Theft
• Number Affected: 20,000
• Source: Privacy Rights Clearinghouse
• Abstract Source: Boston.com(Free Reg. Required)

Abstract

A laptop stolen from the car of Vermont State Colleges' Chief Information Officer (CIO) continued six years of personal information on faculty, staff and current and past students. The computer contained names, address, birth dates and Social Security numbers. As many as 20,000 individuals could have been exposed. VSC has sent out letters out to 50,000 current and former students and employees alerting them to this theft.

Quick Facts

• Date: 3/20/2006
• Institution: Canterbury University
• Type of Incident: Unauthorized disclosure
• Number Affected:
• Source: INFOSEC Year In Review
• Abstract Source: RISKS 24.17

Abstract

(Abstract by Andrew King, taken from RISKS 24.17)
Thousands of [AU] Canterbury University students had their personal information exposed when online services were shut down leaving private records available to anyone with a user code and password last night. Information such as IRD numbers, transcripts, results, outstanding payments, medical conditions, and personal addresses could all be easily accessed online and could be changed by system users. The university's information technology department shut down the webfront. The university had installed a new online system late last year but there had not been any problems until now. [Source: *New Zealand Herald*, 20 Feb 2006; PGN-ed] http://www.nzherald.co.nz/section/story.cfm?c_id=1&ObjectID=10369269

Quick Facts

• Date: 3/6/2006
• Institution: Georgetown University
• Type of Incident: Penetration
• Number Affected: 41,000
• Source: InfoSec News
• Abstract Source: ComputerWorld

Abstract

The US Secret Service has been called in to investigate the breach of a Georgetown University server that contained the names, dates of birth, and Social Security numbers of more then 41,000 people. The server was part of a grant project to manage information on various services provided by the Office of Aging in the District of Columbia. The breach was first noticed on Feb 12 by the Georgetown information security office. Georgetown notified the Office for the Aging on Feb 24 after the University understood the full scope of the exposure. The Secret Service was brought in on Feb 27 to aid in the investigation. The server in question was run and administered by an individual researcher and not by Georgetown University.