Quick Facts

• Date: 3/2/2009
• Institution: Univeristy of Massachusetts
• Type of Incident: Employee Fraud
• Number Affected: 16
• Source: Pogo Was Right
• Abstract Source: The Register

Abstract
A former University of Massachusetts IT administrator is facing charges that he illegally accessed 16 student Facebook accounts and stole nude photos. Robert J DeCampos Jr faces 13 misdemeanor counts of unauthorized computer access and one felony count of larceny. According to court documents, DeCampos used student email accounts to gain access to the Facebook accounts where he was able to download the nude photos these accounts contained. DeCampos was fired by the university on October 20, four days after the discovery of the alleged computer trespass.

Quick Facts

• Date: 12/31/2008
• Institution: Ohio State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 18,000
• Source: Pogo Was Right
• Abstract Source: Columbus Dispatch

Abstract
Ohio State University is working to notify current and former students after student personal information was found accessible via the Internet. The information, including Social Security numbers, names, address and enrollment dates, was accidentally placed on a server exposed to the Internet. OSU has traced the mistake to a third-party vendor working with the university's student health insurance program. The breach appears to have affected 18,000 students enrolled in the insurance program from Fall 2005 to Summer 2006. OSU is offering these individuals 12 months of free credit monitoring. According to OSU officials, the university became concerned in September when students began contacting the university after finding their personal information online. OSU has setup a web site - www.studentlife.osu.edu/dataexposure/ - with more information on the incident.

Quick Facts

• Date: 12/23/2008
• Institution: Ohio University - Chillicothe
• Type of Incident: Theft
• Number Affected: 38
• Source: Pogo Was Right
• Abstract Source: Chillicothe Gazette

Abstract
Ohio University - Chillicothe is working to alert members of the university's Health Wellness Center after staff discovered the theft of a hard drive containing personal information. The drive, part of a stand-alone machine using specialized software, contained the names and Social Security numbers of 38 current and former members. OU-C discovered the theft on December 9th and began investigating the incident. According to OU-C officials, the information is very difficult to access without the special software used by the Health Wellness Center. However, to help protect the individuals affected by this incident, OU-C is offering one year of free credit monitoring to the 38 current and former members affected by the theft.

Quick Facts

• Date: 12/20/2008
• Institution: Lorain County Community College
• Type of Incident: Penetration
• Number Affected: 22,000
• Source: Pogo Was Right
• Abstract Source: The Chronicle-Telegram

Abstract
Lorain County Community College announced that a sophisticated computer hacker breached two servers and could possibly have gained access to staff, students and community members personal information. The breach, which occurred during Thanksgiving break, involved the library card system which contained the names and Social Security numbers of about 22,000 staff, students and community members. LCCC staff discovered the breach when a virus alert went off due to an unknown individual download applications to the server. Staff immediately removed the server from the network to mitigate the breach until it could be investigated. According to LCCC VP of Strategic and Institutional Development Marcia Ballinger, the unknown individual was most likely looking to pirate space available on the servers and was not after personal information. However, LCCC will begin notifying all affected individuals and instructing them how to sign up for credit monitoring with Equifax. LCCC has enlisted the help and support of the FBI and other computer forensic experts in the investigation of the breach.

Quick Facts

• Date: 12/20/2008
• Institution: University of North Carolina School of the Arts
• Type of Incident: Penetration
• Number Affected: 2,700
• Source: Pogo Was Right
• Abstract Source: Winston-Salem Journal

Abstract
The University of North Carolina School of the Arts is working to notify current and former students about a computer breach that may have exposed personal information. The server, which went on line in 2003, contained the names and Social Security numbers of about 2,700 students enrolled between 2003 and 2006. The breach occurred in May 2006 and, according to officials, the school became aware of the breach last week. UNCSA staff is working to investigate the breach and are conducting tests to ensure the future safety of personal information.