Educational Security Incidents (ESI)

Quick Facts

• Date: 8/27/2007
• Institution: University of Illinois, Urbana-Champaign
• Type of Incident: Unauthorized Disclosure
• Number Affected: 5,247
• Source: Pogo Was Right
• Abstract Source: The News-Gazette

Abstract
University of Illinois, Urbana-Champaign officials are apologizing to students after an e-mail to 700 College of Engineering students about a new Lego Robotics class was found to contain the personal information of 5,247 students. The e-mail contained a spreadsheet that a staff member used to gather e-mail address. Along with e-mail address, the spreadsheet contained other personal information including name, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, and cumulative GPA as well as local address and phone number. The mistake was identified almost immediately after the 7:51am was sent out. By 10:08am the University issued another e-mail to the student that received the spreadsheet asking them to delete the file and the original e-mail message. UIUC officials are meeting to discuss how to best notify the affected students.

Quick Facts

• Date: 8/18/2007
• Institution: University of Toledo
• Type of Incident: Theft
• Number Affected: Over 30
• Source: Pogo Was Right
• Abstract Source: Toledo Blade

Abstract
While investigating the theft of a laptop stolen from the University of Toledo's student recreation center in late June, campus police discover that the laptop contained the names and Social Security numbers on at least 30 students and an unknown number of staff members. The university began sending out letters to students and staff letting them know how to protect themselves against Identity Theft. The laptop was stolen from the office of Judith Campbell, the assistant director of the recreation center. According to Ms. Campbell, the office was locked but the door often does not always close. In addition, campus lifeguards often use Ms. Campbell's office as a shortcut to the stairwell.

Quick Facts

• Date: 8/10/2007
• Institution: Loyola University Chicago
• Type of Incident: Unauthorized Disclosure
• Number Affected: 5,800
• Source: ESI
• Abstract Source: Sun Times

Abstract
Loyola University Chicago is alerting students over the accidental exposure of personal information. A computer belonging to Information Technology Services department that contained this information was disposed of before the drive could be wiped. Information contained on this computer includes student names, Social Security numbers, and some financial aid information. It is not known at this point why the computer hard drive was not erased, as is Loyola policy. Loyola is offering all affected students one year of free credit monitoring services.

Please note that this incident involves Loyola University Chicago and not Loyola College in Baltimore, MD. The link to this site has been updated to reflect this and the changes have been made to the ESI Year in Review - 2007. Special thanks to Paul R. Smith at Loyola College for alerting ESI to this mistake.

Quick Facts

• Date: 8/8/2007
• Institution: Yale University
• Type of Incident: Theft
• Number Affected: 10,200
• Source: ESI
• Abstract Source: Yale Daily News

Abstract
Yale University is alerting 10,000 current and former students and about 200 staff members over the exposure of Social Security Numbers following the recent theft of two Yale computers. The computers in question were stolen from the Yale College (the undergraduate program) Dean's Office. These two computers contained the names and Social Security numbers of current and former students and some staff members but did not contain any financial information. The stolen computers are password protected and Yale officials believe the risk to individuals is low since the thief was most likely after the computer hardware and not the data. These files were not maintained on these computers for any purpose but were instead overlooked during recent Yale efforts to reduce the amount of PII on personal computers.

Quick Facts

• Date: 8/2/2007
• Institution: University of Toledo
• Type of Incident: Theft
• Number Affected: Unknown
• Source: Pogo Was Right
• Abstract Source: Toledo Blade
• Update1 Source: Toledo Blade

Abstract
The University of Toledo is alerting staff and students over the recent theft of two hard drives from the university's Health and Human Services building. These drives are believed to contain some names, Social Security numbers and grade change information. According to UT compliance and privacy officer, Lynn Hutt, while it does not appear that the information was the target of the theft, the university takes this theft very seriously. All staff members were reminded of the need to always lock office doors, use strong passwords and to store sensitive information on secure university servers.

Update1
UT Associate Professor Thomas Tatchell has been charged with at least one of the hard drive thefts. Tatchell also faces charges of tampering with evidence, unauthorized use of property, obstructing official business, and filing a false report. It seems that while Tatchell claimed to have away from his office since May 2, security cameras recorded him removing the computer and hard drive from his office around 9pm on June 8. However, no arrests have been made involving the theft of the hard drive from Jeanette Espinosa, a secretary in the Health and Human Services building, which police believe occurred between June 15 and June 18.