Educational Security Incidents (ESI)

Quick Facts

• Date: 1/26/2007
• Institution: Eastern Illinois University
• Type of Incident: Theft
• Number Affected: 1,400
• Source: Attrition.org
• Abstract Source: Journal-Gazzette - Times Courier

Abstract
Eastern Illinois University has begun to notify 1,400 fraternity and sorority members that they are now at risk for identity theft. A theft recently made off with one desktop computer as well as the hard drives and memory from two other computers within EIU's Student Life office. This equipment contained a listing of all EIU fraternity and sorority members and included names, Social Security numbers, addresses and dates of birth for each member. These files were protected only by a sign-on password to the computer. EIU stressed the fact that only current current information was contained on this equipment and the Student Life office routinely purges old student records from its computer systems each semester. EIU officials also mentioned that the university is in the middle of phasing out most of the SSN usage on campus, a project scheduled to be completed by 2008.

Quick Facts

• Date: 1/26/2007
• Institution: Vanguard University
• Type of Incident: Theft
• Number Affected: 5,105
• Source: ESI
• Abstract Source: Daily Pilot

Abstract
Vanguard University announced the theft of two desktop computer from the University's Financial Aid office. At first VU did not believe that any student information was contained on these computers. However, after further investigation by the University's IT department, VU has discovered that these computers contained over 5,000 student records. The information contained in these records include student names, Social Security numbers, drivers license numbers, dates of birth, phone numbers and lists of assets. Anyone who applied for financial aid at VU for the 2005-2006 and 2006-2007 school years are at risk. VU is sending out letters to anyone that might be affected by this breach and has also create a Web site - identityalert.vanguard.edu - and a toll-free phone number - (800) 920-7312 - where students can get more information.

Quick Facts

• Date: 1/26/2007
• Institution: University of Arizona
• Type of Incident: Penetration
• Number Affected: N/A
• Source: ESI
• Abstract Source: Arizona Daily Star

Abstract
The University of Arizona announced that two department Web servers were recently compromised by individuals believed to reside outside of the United States. These machines, belonging to the University's Philosophy department and the to the Large Binocular Telescope Observatory, were compromised through a known vulnerability in the Twiki collaboration software. The intruder used their access to upload pornographic material to the Web sites and redirect link traffic to adult pages. Luckily, no student or sensitive data is believed to have been contained on these machines. Interestingly enough, the departments these computers belonged to were aware of the vulnerability in the program, but had not had a chance to deploy the patch to fix the problem.

Quick Facts

• Date: 1/25/2007
• Institution: University of Idaho
• Type of Incident: Theft
• Number Affected: 0
• Source: ESI
• Abstract Source: Seattle Post-Intelligencer

Abstract
The University of Idaho announced the theft of seven laptops valued at over $6,000 over the weekend. Fortunately, the university has concluded that no personal or sensitive information was contained on these computers. However, UI officials are using this theft, along with the recent theft of three desktop computers that exposed 70,000 student records, to help improve information security efforts at the university. These efforts include plans to create secure network storage for student records as well as encrypt all laptop computers. However, according to Chuck Lanham, the director of enterprise computing support, the key issue is awareness. According to Lanham awareness is "being aware of the types of information you're dealing with and asking if it is being put in places that could be made available easily or not so easily."

Quick Facts

• Date: 1/23/2007
• Institution: Rutgers - Newark
• Type of Incident: Theft
• Number Affected: 200
• Source: Attrition.org
• Abstract Source: The Rutgers Observer

Abstract
Rutgers announced the theft of a laptop from the office a Rutgers - Newark political science associate professor. The laptop contained Social Security numbers on 200 Rutger - Newark students, along with grading and class information on an unspecified number of students. According to the associate professor, Gabriela Kutting, the laptop contained student information because the laptop was used to enter student grade information. Recently, Rutgers switched from using SSNs as student identifiers to an internal number. According to Rutgers officials this switch is the reason for the relatively small amount of Social Security numbers exposed.