Quick Facts

• Date: 3/20/2006
• Institution: Canterbury University
• Type of Incident: Unauthorized disclosure
• Number Affected:
• Source: INFOSEC Year In Review
• Abstract Source: RISKS 24.17

Abstract

(Abstract by Andrew King, taken from RISKS 24.17)
Thousands of [AU] Canterbury University students had their personal information exposed when online services were shut down leaving private records available to anyone with a user code and password last night. Information such as IRD numbers, transcripts, results, outstanding payments, medical conditions, and personal addresses could all be easily accessed online and could be changed by system users. The university's information technology department shut down the webfront. The university had installed a new online system late last year but there had not been any problems until now. [Source: *New Zealand Herald*, 20 Feb 2006; PGN-ed] http://www.nzherald.co.nz/section/story.cfm?c_id=1&ObjectID=10369269

Quick Facts

• Date: 9/29/2005
• Institution: University of Georgia
• Type of Incident: Penetration
• Number Affected: 1,600
• Source: EDUPAGE via INFOSEC Year In Review
• Abstract Source: AJC Metro

Abstract

The University of Georgia has revealed that a hacker was able to access a computer system that contained personal information for employees of the College of Agricultural and Environmental Sciences as well as people who are paid from that department. Social Security numbers were in the accessed database, though no credit card information was exposed. In all, 2,400 Social Security numbers for about 1,600 people were compromised, and the university is working to contact those affected. According to Tom Jackson, spokesperson for the university, names and Social Security numbers in the database were not connected, but an experienced hacker would likely be able to correctly match them up. The university suffered another computer hack in January 2004. No arrests have been made in that incident. The Atlanta Journal-Constitution, 29 September 2005

[Abstract taken directly from INFOSEC Year In Review]

Quick Facts

• Date: 9/16/2005
• Institution: University of California, Berkeley
• Type of Incident: Theft
• Number Affected: 98,000
• Source: INFOSEC Year In Review
• Abstract Source: PC World via EDUPAGE

Abstract

A laptop stolen in March from the University of California at Berkeley has been recovered, after being bought and sold several times, ultimately landing in South Carolina. When stolen, the computer contained sensitive data on more than 98,000 UC Berkeley graduate students, but by the time it was recovered, all of its files and operating system had been cleared, making it impossible to determine if the personal information was accessed after the theft. Following the theft, the university worked to contact those whose data was contained on the computer, as required by California law, and also hired an outside consultant to audit the institution's practices of handling such data, according to spokesperson Janet Gilmore. The university is currently assessing the recommendations of that audit and how to implement them. PCWorld, 16 September 2005

[Abstract by Edupage Editors taken directly from Edupage, September 16, 2005]

Quick Facts

• Date: 8/9/2005
• Institution: Sonoma State University
• Type of Incident: Penetration
• Number Affected: 62,000
• Source: INFOSEC Year In Review
• Abstract Source: San Francisco Chronicle via EDUPAGE

Abstract

Sonoma State University, an hour north of San Francisco, has become the latest in a growing list of universities to suffer a hacker attack that put personal information of students and staff at risk. At Sonoma State, hackers in July gained access to several computer workstations, which allowed them to access a number of other computers before university staff detected and put an end to the intrusion. In all, the hackers had access to names and Social Security numbers of nearly 62,000 students, applicants, or employees of the university between 1995 and 2002. A spokesperson for the university said the hackers did not have access to financial information and noted that there is currently no evidence that any of the information has been misused. Nevertheless, the university is required by state law to contact individuals whose personal information has been compromised, and the university is working to do just that. The university has set up a Web site with information and is advising affected individuals to contact credit-reporting agencies to be on the lookout for possible identity fraud. San Francisco Chronicle, 9 August 2005

[Abstract by Edupage Editors taken directly from Edupage, August 10, 2005]

Quick Facts

• Date: 7/6/2005
• Institution: University of Southern California
• Type of Incident: Unauthorized disclosure
• Number Affected:
• Source: INFOSEC Year In Review
• Abstract Source: The Register via RISKS

Abstract

A programming error in the University of Southern California's online system for accepting applications from prospective students left the personal information of ``hundreds of thousands of records'' publicly accessible. The flaw was discovered by a student in the process of applying.

[Abstract by Peter G. Neumann taken from RISKS 23.93]