Educational Security Incidents (ESI)

Quick Facts

• Date: 11/21/2007
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 415
• Source: Attrition.org
• Abstract Source: The Independent Florida Alligator

Abstract
The Liberty Coalition recently alerted the University of Florida that the names and Social Security numbers of more then 400 students was available to the public online. The liberty Coalition found 14 files containing the sensitive information dating back to 1998 on a UF web site. Students enrolled in the university's ISM 4220 or ISM 4330 courses between 1998 and 2001 are affected. UF officials immediately removed the files upon notification and a review of the available access log data shows that nobody had accessed the files in five years. An investigation into the incident showed that the files were posted to a gradebook before the university phased out the use of Social Security numbers and student identifiers. The university is still investigating how these files ended up online.

Quick Facts

• Date: 11/16/2007
• Institution: Wake Technical Community College
• Type of Incident: Loss
• Number Affected: Unknown
• Source: ESI
• Abstract Source: NBC 17

Abstract
Some Wake Tech Community College student received letters from the college after a flash drive containing student information was lost. The drive contained student names and Social Security numbers. This drive has since been recovered and college officials do not believe student information will be misused. However, Wake Tech does urge students to monitor their credit reports for fraudulent activity.

Quick Facts

• Date: 11/16/2007
• Institution: Indiana University-Purdue University Fort Wayne
• Type of Incident: Penetration
• Number Affected: 32
• Source: Pogo Was Right
• Abstract Source: Inside Indiana Business

  Abstract
  Indiana University-Purdue University Fort Wayne is working to notify 32 international students after an internal audit turned up malware on a former staffer's computer. The malware contained a Trojan Horse that spied on e-mail sent to and from the computer. E-mails on the machine contained the names and Social Security numbers on 32 current and former international students at IPFW. Letters have been sent to all affected students. In addition, IPFW has created a hot line - 866-597-0010 - and a web site - www.purdue.edu/news/ipfw0711.html - to help answer and additional questions about this incident.

Quick Facts

• Date: 11/16/2007
• Institution: Kansas State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 128
• Source: ESI
  Abstract Source: Kansas State Collegian

Abstract
Kansas State University is working to alert 128 international students after their personal information was found to have been exposed online for one year. K-State interim vice provost for Information Technology Services, Lynn Carlin said that an "inadequately security controlled" server was hosting English Language Proficiency exam results online since November 2006. It is not known how this information remained online for a year before notice, but the university is investigating the incident. According to Carlin, the university decided to alert the 128 affected student before concluding the investigation so that these students could take steps to protect themselves. In a letter to students, K-State included information on how to contact each of the major credit bureaus and how to obtain a free credit report. In addition, international students with questions about this incident are encouraged to contact Maria Beebe, assistant director of the International Student Center.

Quick Facts

• Date: 11/14/2007
• Institution: Lehigh Valley College
• Type of Incident: Theft
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Morning Call

Abstract
Lehigh Valley College is still investing the theft of an unknown number of computers earlier this week. The computers were stolen from the computer repair areas of the college's Information Technology department. While it does appear a large number of computers were taken, the college does not yet have an exact count and Lehigh officials are reviewing paperwork to determine if any of the stolen computers contained student information.