Quick Facts

• Date: 5/6/2011
• Institution: Central Oregon Community College
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: KTVZ

Abstract
Central Oregon Community College recently notified users after taking the college's web site down following a two security breaches. According to notices sent by COCC officials, the web site was taken down on Wednesday and then again on Thursday following security breaches of the site on both days. While originally COCC did not believe any personal information was at risk, additional investigation showed the attacker(s) may have had accesses to 2011 COCC nursing program applicant data and 2012 COCC Foundation scholarship data. According to the notices sent to students in each of these groups, the applications did not contain credit card or Social Security numbers, but did contain email addresses and COCC ID numbers. According to the college, investigations are still ongoing to make sure no additional personal or sensitive information is at risk following the breaches. COCC is working with local and federal law enforcement during the investigation.

Quick Facts

• Date: 4/18/2011
• Institution: Central Ohio Technical College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 617
• Source: ESI
• Abstract Source: The Columbus Dispatch

Abstract
Central Ohio Technical College recently notified students after educational records were discovered in a file cabinet at an area storage facility. The cabinet, found at the Apple Tree Auction Center, contained course registration cards containing the names and Social Security numbers of 617 students registered for classes in Fall 2010. The cabinet was accidentally sent to storage when the college moved the Student Records office. Since January 2011, the college no longer records Social Security numbers on course registration cards. According to Central Ohio Technical College spokeswoman Alice Hutzel-Bateson, the records were back in the college's possession within 24 hours. The college is offering 12 months of free credit monitoring to those affected by this accident. Students with questions are asked to contact the college's Registrar Jackie Stewart at 740-364-9599.

Quick Facts

• Date: 4/18/2011
• Institution: Eastern Illinois University
• Type of Incident: Student Misconduct
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Eastern Illinois University Press Release

Abstract
Eastern Illinois University recently announced the potential exposure of sensitive information after the improper disposal of paper records. The records, contained in two bags taken by a student worker as part of a prank, contained the names and Social Security numbers of individuals employed by EIU in 2002. At this point, the university is working to identify the individuals affected. Coles County Sheriff's Department notified the university on Friday morning that coarsely shredded documents had been dumped roadside. The university responded quickly and staff were sent to find and collect the shredded documents. While the records were shredded in accordance with state guidelines, sensitive information may have been visible. The university is working to institute procedures to prevent a similar incident in the future.

Quick Facts

• Date: 4/13/2011
• Institution: Albright College
• Type of Incident: Theft
• Number Affected: 10,000
• Source: ESI
• Abstract Source: WFMZ
• Update1 Source: Reading Eagle Press

Abstract
Albright College recently announced the possible breach of personal information following the theft of computers containing personal information. The computers, stolen from the college's Financial Aid Office in February, contained names, addresses, dates of birth, Social Security numbers and account information on as many as 10,000 current students, prospective students, former students, faculty and staff. According to Albright Vice President for Enrollment Management Gregory E. Eichhorn, the theft may also affect parents, spouses or joint account holders as well. In response to the theft, Albright Public Safety has increased evening and weekend patrols and the college's Information Technology Services are working with departments to reduce the amount of confidential information retained on desktops. The college is working with the Reading Police Department, the County District Attorney's Office and the FBI. Crime Alert Berks County has setup a hotline - 877-373-9913 - for individuals that have more information regarding the theft and is offering up to a $5000 reward for information leading to an arrest.

Update1
One of the two computers stolen from Albright College has been recovered by State Police. The suspect in the theft appears to have stolen the computers to fund a drug habit and was not after the information on the device. The recovered laptop appears to contain most of the sensitive and personal information exposed by the theft. According to Sgt. Raymond Guth, there does not appear to be any evidence that the information on the recovered drive had been compromised by the theft.

Quick Facts

• Date: 3/31/2011
• Institution: Wenatchee Valley College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 3,800
• Source: ESI
• Abstract Source: The Wenatchee World

Abstract
Wenatchee Valley College recently contacted former students after an error processing a public records request released personal student information. In response to a request from a local law firm for 10 years of financial records, WVC forwarded 84,000 pages of information that contained the names and Social Security numbers of 3,800 students that attended the college in 2002. The error was discovered by Brent Magarrell on March 24th. Magarrell contacted WVC about the error and also filed a FERPA violation complaint with the Department of Education.