Educational Security Incidents (ESI)

Quick Facts

• Date: 6/23/2006
• Institution: San Francisco State
• Type of Incident: Theft
• Number Affected: 3,000
• Source: Attrition.Org
• Abstract Source: SFGate.com

Abstract

San Francisco State University (SFSU) has announced that a laptop has been stolen from the car of a faculty member. This laptop contained about 3,000 names and Social Security numbers belonging to current and former SFSU students. Grades and telephone numbers of some students were also on this laptop. While the laptop was stolen on June 1, the university was not notified of the incident until June 6. According to a university spokesperson the university has taken appropriate action, but it is not uncommon for faculty to keep student information on their computers. The spokesperson declined to answer questions about disciplinary action. Police are investigating this as a typical car break-in and do not believe the thief knew about the data contained on the laptop.

Quick Facts

• Date: 6/22/2006
• Institution: University of Kentucky
• Type of Incident: Theft
• Number Affected: 6,500
• Source: Attrition.org
• Abstract Source: The Kentucky Kernel

Abstract
The University of Kentucky is alerting 6,500 students that their personal information is at risk after the recent theft of a USB flash drive containing class rosters from a classroom. UK estimates this 4GB drive contained up to 130 files containing UK School of Human and Environmental Sciences class rosters dating from 1988 to 2006. These rosters contained student names, grands and Social Security numbers, which UK uses as student IDs. The university is currently phasing out the use of SSNs as student IDs, a plan that will be complete by October.

Quick Facts

• Date: 6/20/2006
• Institution: University of Alabama, Birmingham
• Type of Incident: Theft
• Number Affected: 9,800
• Source: Attrition.Org
• Abstract Source: Attrition.org

Abstract

A laptop belonging to the University of Alabama, Birmingham's kidney transplant program containing donor, recipient and potential recipient information has been stolen. This computer was taken from a locked office back in February, but the university delayed notifications until it could reconstruct all of the missing data. According to university officials, the information on this computer included names, Social Security numbers, and medical information of the 9,800 individuals involved in the transplant program.

A university spokesperson mentioned that there is no evidence that this information has been used for any illegal purposes and that the university has increased physical security measures. However, the University of Alabama is offering one year of free credit monitoring to all affected individuals.

Quick Facts

• Date: 6/17/2006
• Institution: Western Illinois University
• Type of Incident: Penetration
• Number Affected: 240,000
• Source: Attrition.Org
• Abstract Source: Belleville News Democrat

Abstract

A computer containing the names, address and Social Security numbers of 240,000 people connected to Western Illinois University was breached on June 5, 2006. The university was aware of the incident as soon as it occurred and took immediate steps to correct the vulnerability. Since the intruder only had access for a short amount of time, the university is not aware of any records that were viewed or copied.

Quick Facts

• Date: 6/9/2006
• Institution: Ohio University
• Type of Incident: Penetration
• Number Affected: 70,000
• Source: Attrition.Org
• Abstract Source: Ohio News Now

Abstract

Ohio University officials announced that two more computer systems were discovered to have been the victims of criminal computer attacks. These recent breaches exposed personal information on over 70,000 individuals including subcontractors paid by Ohio University over the past two years. In a letter sent out to affected individuals the university was quick to point out that there has been no evidence that personal information was being used to commit fraud or identity theft.