Quick Facts

• Date: 10/28/2010
• Institution: University of Hawaii West O’ahu, University of Hawaii Manoa
• Type of Incident: Unauthorized Disclosure
• Number Affected: 40,101
• Source: National ID Watch
• Abstract Source: National ID Watch, University of Hawaii West O’ahu News Release
• Update1 Source: Star Advertiser

Abstract
The University of Hawaii West O’ahu is notifying former students from both West O’ahu and the University of Manoa after personal information was discovered online. The information, discovered by Aaron Titus, Information Privacy Director for the Liberty Coalition which runs National ID Watch, was posted on a UH West O’ahu website for almost a year and contained the names, Social Security numbers, addresses, dates of birth and detailed educational information on 40,101 students. Individuals that attended the UH Manoa between 1990 and 1998 or in 2001 and individuals that attended UH West O’ahu in Fall 1994 or graduated between 1988 and 1993 may be affected. The information was part of a longitudinal study of UH students and the information was placed online in 2009. Titus found the information using Google and notified the the university, which removed the offending files shortly after being notified. UH West O’ahu has setup a web site with more information on the breach here: www.uhwo.hawaii.edu/idalertfaq.

Update1
The University of Hawaii is asking for nearly $2 million to improve security and reduce the chance of a future incident in the wake of a Liberty Coalition report (PDF) showing that UH is responsible for 54% of all breaches in Hawaii since 2005. The $1.9 million will go toward hiring a five person Web security team to monitor the 600 web servers across the 10 campuses and to purchase data loss and malware prevention software. UH will also need an addition $764,000 annually to maintain and operate the new security measures.

Quick Facts

• Date: 7/23/08
• Institution: University of Houston
• Type of Incident: Unauthorized Disclosure
• Number Affected: 259
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org Media Release

Abstract
The Liberty Coalition recently announced that it had discovered personal student information on a University of Houston Mathematics Professor's web site in late May 2008. The files, belonging to Marjorie Marks, contained the names, Social Security numbers and grades of 259 students enrolled in the Fall 2005 Math 1310 course. While the university responded quickly to remove the files, search engine caches were not cleared until July 2008.

Quick Facts

Quick Facts

• Date: 7/15/2008
• Institution: California State University, Chico
• Type of Incident: Unauthorized Disclosure
• Number Affected: 30
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org Media Release

Abstract
In May, the Liberty Coalition notified California State University, Chico that it discovered an excel file online that contained student information. The file, placed online in 2003 by a Computer Science professor, contained the names, partial Social Security numbers, test scores and lab scores of 30 students. The information appears to be on former students of Jim McElroy. The university quickly removed the file once notified and the file is no longer available through search engine caches.

Quick Facts

• Date: 7/11/2008
• Institution: University of Texas, Austin
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,490
• Source: SSNBreach.org
• Abstract Source: SSNBreach.org Media Release

Abstract
SSNBreach.org has announced that it discovered containing personal and sensitive information on University of Texas, Austin students and staff was available online. The information, contained in over 60 different files, contained information such as names, addresses, 66 social security numbers, 459 partial social security numbers, phone numbers, e-mails, scores, GPA, GRE Scores, Majors, Race, Gender, GPA, phone numbers, tax information, and other personal information. The files were found to have been posted online by at least four different faculty members. The university restricted access in January after being notified by SSNBreach.org but the files were still accessible through search engine caches through at least May 2008.