Quick Facts

• Date: 7/23/2009
• Institution: University of Texas, Arlington
• Type of Incident: Penetration
• Number Affected: 27,000
• Source: ESI
• Abstract Source: University of Texas, Arlington

Abstract
The University of Texas, Arlington recently notified students, faculty and staff after the breach of a file server containing personal information. The file server, used by the university's Student Health Center, contained the names, addresses, prescription names, amount spent and diagnostic codes of 27,000 students, faculty and staff between 2000 and June 2010, including 2,048 Social Security numbers. The compromise was discovered on June 21, 2010 by IT staff and an investigation uncovered the server had been breached on four occasions between February 2009 and February 2010. According to the university, there were no credit card or other medial record information on the file server. So far, the university has notified 21,554 of the affected individuals and is working on notifying the remaining individuals through alternative methods. The university is offering free credit monitoring services to the 2,048 individuals whose Social Security numbers may have been exposed. UT Arlington has setup a hotline - 800-913-3055 - and web site www.uta.edu/data/index.php - to help provide more information to those affected.

Quick Facts

• Date: 7/16/2010
• Institution: Buena Vista University
• Type of Incident: Penetration
• Number Affected: 93,000
• Source: ESI
• Abstract Source: Security Week

Abstract
Buena Vista University recently announced a that a database containing personal information may have been compromised. The database contained the names, Social Security numbers and and some Drivers License numbers for 93,000 current and former students, applicants, parents, alumni and donors going back to 1987. After discovering the breach, the university engaged a computer forensic team to investigate the breach. Once a breach was confirm in June, the university began to notify the affected individuals. According to university officials, there is no evidence the information was accessed or has since been misused. Buena Vista University has referred the breach to the U.S. Attorney for the District of Minnesota.

Quick Facts

• Date: 7/14/2010
• Institution: Oregon State University
• Type of Incident: Penetration
• Number Affected: 34,000
• Source: ESI
• Abstract Source: KVAL

Abstract
Oregon State University recently started to notify employees after a virus may have exposed personal information. The virus, which may have allowed unauthorized access to the information, was discovered on a computer that contained that names and Social Security numbers of 34,000 current and former employees employed between 1999 and 2005. According to OSU officials, it is "highly unlikely" that any of the information was exposed but the university is sending out alerts out of an abundance of caution. In the letters going out this week, the university urges the affected individuals to monitor their credit reports and financial statements for signs of fraud. OSU has setup a web site - http://oregonstate.edu/incidentresponse - and a hot line - 541-737-1007 - to help answer questions about the incident.

Quick Facts

• Date: 7/6/2010
• Institution: University of Hawaii, Manoa
• Type of Incident: Penetration
• Number Affected: 53,000 (40,870 Social Security numbers, 200 Credit Cards
• Source: ESI
• Abstract Source: University of Hawaii

Abstract
University of Hawaii, Manoa officials recently announced the breach of a server that contained personal information. The server, used by the university Parking Office, contained information on 53,000 people that had done business with the Parking Office between January 1998 and June 2010 including 40,870 Social Security numbers and 200 credit cards. The breach, which occurred on May 30, was discovered on June 15 during a routine security audit. According to officials the largest group affected by the incident are faculty and staff members employed in 1998. Others affected include those that purchased parking permits and visitors that hard their vehicles towed or appealed tickets between 1998 and 2010. The university has setup a web site - www.hawaii.edu/idalert - and hotline - 808-956-6000 - to help provide more information to those affected.

Quick Facts

• Date: 7/6/2010
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,047
• Source: ESI
• Abstract Source: University of Florida News Release

Abstract
University of Florida officials recently notified individuals after letters about a research study contained personal information on the labels. The letters, inviting individuals to participate in a College of Medicine’s Department of Epidemiology and Health Policy Research research study, contained the names, and Social Security numbers or Medicaid identification numbers of 2,047 individuals. The personal information was accidentally included on the mailing labels affixed to the letters. Instead of personal information, the labels were supposed to include randomly generated numbers to help a telephone survey company verify interested participants. The survey company, Macro International Inc has made plans to purge the personal information from their systems. In total, 647 labels included Social Security numbers and the rest contained Medicaid identification numbers.