Educational Security Incidents (ESI)

Quick Facts

• Date: 4/28/2007
• Institution: McGill University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Hundreds
• Source: ESI
• Abstract Source: CBC News

Abstract
McGill University is apologizing to students after CBC news alerted the university that student records were available on the McGill web site. Searches for student names through the web site search function returned personal student information including class transcripts and grade information. According to officials this error was caused by a new search feature implemented by the university. McGill University has removed all of the offending material from their public web site and staff say that few people accessed personal student information. However, the university is currently investigating the incident further and is taking steps to ensure something like this does not happen again.

Quick Facts

• Date: 4/28/2007
• Institution: University of New Mexico
• Type of Incident: Theft
• Number Affected: 3,000
• Source: Pogo Was Right
• Abstract Source: KOAT

Abstract
The University of New Mexico is alerting employees about the potential exposure of personal information after a recent UNM laptop theft. The laptop was stolen from a UNM office in San Francisco. Information on the laptop included the names, address, e-mail addresses, university IDs and payroll information on 3,000 employees. UNM officials believe their is little chance for Identity Theft since university IDs are of no use without the corresponding passwords, which were not contained on the laptop.

Quick Facts

• Date: 4/24/2007
• Institution: Purdue University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 175
• Source: ESI
• Abstract Source: BoilerStation

Abstract
Purdue University is alerting students to a possible breach of student information. Recently, a web site containing the names and Social Security Numbers of 175 Purdue students was found on the Internet. Purdue officials do not currently know how this information ended up on the web site, but are investigating the incident. Purdue is attempting to contact all affected individuals, but admits that contact information for those students no longer attending the university might be out of date. Purdue has created a hotline - (866) 307-8513 - and web site - www.purdue.edu/news/coe0704.html - for anyone that has concerns about this incident.

Quick Facts

• Date: 4/21/2007
• Institution: University of East Anglia
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,200
• Source: Pogo Was Right
• Abstract Source: Norwich Evening News

Abstract
University of East Anglia Sportspark officials are apologizing after a staff mistake exposed customer e-mail addresses. A recent e-mail sent out by the UEA Sportspark announcing a charity event contained the e-mail addresses of 1,200 UEA Sportspark customers. The staff member sending the e-mail forgot to hide the recipients address as is the standard practice at the UEA Sportspark. An apology was sent to all customers affected by this incident stating that the UEA Sportspark plans to implement changes to ensure all e-mail communications are checked by multiple staff members before sending.

Quick Facts

• Date: 4/19/2007
• Institution: New Mexico State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 5,600
• Source: Pogo Was Right
• Abstract Source: The Santa Fe New Mexican

Abstract
New Mexico State University announced that a file containing student information was accidentally placed on a public NMSU web site for two hours on April 5. The file in question contained that names and Social Security numbers on over 5,600 NMSU students who had registered for commencement ceremonies from 2003 to 2005. According to NMSU officials, the file was accessed 14 times during these 2 hours, but the university has traced the IP address of these computers and does not believe there is a large threat to students. NMSU has also contacted Google to ensure the file is not archived in the search company's Google Cache archive. According to NMSU Chief Information Officer Michael Hites, the university has notified those students with an e-mail address on file about the incident and is currently working to notify the rest by postal mail.