Educational Security Incidents (ESI)

Quick Facts

• Date: 12/19/2007
• Institution: Norfolk and Norwich University Hospital
• Type of Incident: Unauthorized Disclosure
• Number Affected: 30
• Source: Pogo Was Right
• Abstract Source: Evening News 24

Abstract
Norfolk and Norwich University Hospital is currently trying to determine how medical files on 30 patients ended up in a trash bin this month. The files, found by woman in Bowthorpe, contained names, ages, hospital number of sick people as well as details of care, medical history and discharge information. NNUH has launched an investigation into the loss of these files, which are believed to belong to a nurse. In addition, hospital officials are reminding all staff members that security measures are to be followed at all times. The hospital plans to take the next 48 hours to personally contact each of the patients affected by this breach. According to Sandie Johnson, a spokesperson for the Norfolk and Norwich Patient and Public Information Forum, “We are extremely concerned to learn that any patient record has left the hospital, which is strictly against all N&N policy. The fact that, not only were these records removed from the hospital, but that they appear to have been disposed of in such a cavalier fashion shows a complete disregard for the basic tenant of patient/doctor relations and patient confidentiality."

Quick Facts

• Date: 12/14/2007
• Institution: University of Michigan - Flint
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: Pogo Was Right
• Abstract Source: ABC 12

Abstract
The University of Michigan - Flint is alerting student that their personal information may be at risk after several U of M - Flint machines were found to have been breached. The university noticed the breach of "several servers" on December 6. The university did not release what information is at risk or how many servers were affected, but is currently investigating the breach. The university urged students and staff to change passwords and will release more information when it becomes available.

Quick Facts

• Date: 12/11/2007
• Institution: Clark College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 23
• Source: ESI
• Abstract Source: The Columbian

Abstract
On November 27, Clark College began notifying students a number of documents found in a trash bin off-campus on November 2. The documents were discovered by a C-Train bus driver in a trash bin on East Mill Plain Boulevard. According to Kim Kapp, a police spokeswoman, about 23 student names were identified in the trashed paperwork but Kapp would not say what else was contained on the documents. In a letter to students, Clark President Bob Knight wrote, "At this time, we believe the incident is limited to those (original) students, but, as a precaution, the college is bringing this incident to your attention so that you can be alert to signs of any unauthorized activity." This letter also urged students to closely monitor credit reports for signs of fraudulent activity.

Quick Facts

• Date: 12/11/2007
• Institution: University of Calcutta
• Type of Incident: Impersonation
• Number Affected: 1
• Source: ESI
• Abstract Source: The Telegraph

Abstract
An unknown individual in Nigeria was able to obtain access to a University of Calcutta professor's e-mail account and used this access to fool a friend of the professor out of money. The account, belonging to Ratan Khasnabish, a business management professor at the University of Calcutta, was used to send an e-mail to a businessman the professor was friends with asking for money to help pay a hotel bill. The businessman, assuming everything was fine, quickly wired the requested $2,500 to help out. However, soon after the businessman received another e-mail asking for more money, this time to help pay for airfare back to Calcutta. The businessman became suspicious. According to the businessman, "I sent a reply in Bengali, written in Roman script, asking the sender to write back to me in the same style. But there was no response. I then called Khasnabish on his cellphone and learnt that he was in Calcutta, not Nigeria." Complaints have been filed with the state home department.

Quick Facts

• Date: 12/07/2007
• Institution: University of New Mexico
• Type of Incident: Unauthorized Disclosure
• Number Affected: 333
• Source: ESI
• Abstract Source: SSNBreach.org

Abstract
SSNBreach.org and the Liberty Coalition have discovered still more files available to the public via the Internet that contain sensitive student information. In this latest find, 31 different files available on a University of New Mexico web site belonging to Associate Professor Vakhtang Putkaradze. The files included information on 333 students that had taken math course from Professor Putkaradze between Fall 2001 and Fall 2004. The information in these files included 177 partial Social Security numbers, 190 e-mail address and grade information on 333 students. According to the university, it appears the files have been online since 2001. The university immediately removed the files once notified and are working to clear copies out of search engine caches.