Educational Security Incidents (ESI)

Quick Facts

• Date: 7/25/08
• Institution: Ohio University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 492
• Source: Attrition.org
• Abstract Source: The Columbia Dispatch

Abstract
A clerical error at Ohio University's Centers for Osteopathic Research and Education (CORE) caused personal information on 492 individuals to be posted online. The data, contained in an excel spreadsheet, contained the names, Social Security numbers, addresses, contact numbers and federal employment identification numbers of individuals that had spoke at CORE according to a university spokesperson. The spreadsheet had been available from March 20 until it was removed on June 16 when a nurse discovered the file while doing research online. According to CORE the document that should have been posted did not contain any personal information. The individual that made the error was placed on paid administrative leave pending a review. CORE has created a web site - www.ohiocore.org/answers - and hotline - 866-437-8698 - to help answer questions.

Quick Facts

• Date: 6/6/2008
• Institution: Stanford University
• Type of Incident: Theft
• Number Affected: 72,000
• Source: Attrition.org
• Abstract Source: Stanford News Service

Abstract
Standford University is working to alert current and former employees after the university determined a stolen laptop contained confidential employee information. The university is currently investigating the incident and has not released any details about the theft. According to the university officials the laptop may contain the names, Social Security numbers, salary information, Stanford IDs, dates of birth, gender information, home addresses, telephone numbers and Stanford e-mail addresses on as many as 72,000 individuals. This incident affects those employees that had received a paycheck from the university before September 28, 2007.

Quick Facts

• Date: 5/29/2008
• Institution: University of California, San Francisco
• Type of Incident: Penetration
• Number Affected: 3,569
• Source: Attrition.org
• Abstract Source: UCSF News Office

Abstract
The University of California, San Francisco is currently alerting a number of patients that their information may have been accessed by an unknown individual. In January 2008, UCSF noticed odd traffic coming from a computer in January and an investigation turned up that an unknown individual installed an unauthorized file sharing program on the computer. This computer also contained the names, Social Security numbers, dates of pathology service and health information of 2,625 UCSF patients and 944 patients whose tissue samples were used by the department. While there is no evidence the patient files were accessed, UCSF takes this incident and patient confidentiality very seriously. The university has created a hotline - 415-353-7427 - and e-mail address - PathHotline@ucsf.edu - to help answer any questions affected individuals might have.

Quick Facts

• Date: 5/6/2008
• Institution: Ohio State University Agricultural Technical Institute
• Type of Incident: Unauthorized Disclosure
• Number Affected: 192
• Source: Attrition.org
• Abstract Source: The Columbus Dispatch

Abstract
The Ohio State University Agricultural Technical Institute accidentally sent an e-mail containing personal faculty and staff information to about 680 students. The e-mail had an excel attachment that contained names, positions, salaries and Social Security numbers on 192 faculty and staff members. In a follow-up e-mail students were asked to delete the e-mail that contained the personal information. Affected staff and faculty members are being offered free credit monitoring and identity theft protection. When asked if students could be trusted to delete the e-mail OSU ATI spokesperson Frances Whited responded "Of course!"

Quick Facts

• Date: 4/23/2008
• Institution: University of Texas Health Science Center at Tyler
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,000
• Source: Attrition.org
• Abstract Source: Tyler Morning Telegraph

Abstract
The University of Texas Health Science Center at Tyler is apologizing to patients after a it discovered that medical bills sent out clearly displayed patient Social Security numbers. A technical problem at CBE Group Inc., a collections agency used by UTHSCT, caused Social Security numbers to be printed on roughly 2,000 billing envelopes. UTHSCT is not aware of exactly how many individuals were affected since multiple bills could have been sent to a single individual. While UTHSCT is confident the exposure was limited since the information was not circulating around in public areas, the hospital takes full responsibility for the incident. UTHSCT urges anyone affected by this incident to contact the hospitals billing office. According to UTHSCT COO Rob Marshall, "It was a small glitch that we absolutely own up to and want to be able to take care of anyone who has issue as a result."