Educational Security Incidents (ESI)

Quick Facts

• Date: 6/23/2008
• Institution: Southeast Missouri State University
• Type of Incident: Employee Fraud
• Number Affected: 800
• Source: Pogo Was Right
• Abstract Source: KFVS

Abstract
Southeast Missouri State University is working to alert students after it discovered that student personal information may be at risk. During a review of activity logs, the university discovered that a former employee had access hundreds of student records. According to university officials, records of 800 students, which included names and Social Security numbers, were found in the former employee's computer files. The university has filed charges against the former employee. The university has also setup a web site - www.semo.edu/identityalert/ - where students can find more information. Students wish additional questions are encouraged to call - (573) 986-6800 - or e-mail - identityalert@semo.edu - the university.

Quick Facts

• Date: 6/12/2008
• Institution: Columbia University
• Type of Incident: Employee Fraud
• Number Affected: 5,000
• Source: Pogo Was Right
• Abstract Source: Columbia Spectator, NY Sun

Abstract
Columbia University is apologizing to students after it discovered that a file available through a Google-hosted Web site contained personal student information. The file in question, a Housing and Dining database, was apparently uploaded by a student working for the Housing department in 2007. The student information was available from February 2007 through June 3, 2008 when an alumna discovered the personal information through a Google search. The university worked with Google to remove the file from the hosted web site. The university is offering two years of credit monitoring for the affected individuals. A petition circulated by Columbia students condemned the Housing department. The petition also called for department to launch an investigation of the student worker responsible for the incident, publicly disclose the results of the investigation the department is lawfully able to disclose and publicly report the steps the department will take to screen employees' ability to properly handle confidential information.

Quick Facts

• Date: 6/3/2008
• Institution: University of California, Irvine
• Type of Incident: Employee Fraud (updated)
• Number Affected: 1,132
• Source: Pogo Was Right
• Abstract Source: ComputerWorld
• Update1 Source: The Mercury News

Abstract
A large number of ID theft crimes affecting University of California, Irvine medical students has been traced back to a data breach at UnitedHeathCare. A total of 1,132 current and former graduate students enrolled in the university's graduate student health insurance program could fall victim to tax scam. So far, 155 of these students have had criminals file false tax returns in the students name an collect the refunds. Only those students enrolled in the insurance program in 2006-2007 are affected. The University of California, Irvine has setup a web site - www.uci.edu/identitytheftalert/ - to answer questions about this incident.

Update1
Police have arrested a Fort Worth, Texas man in connection with the ID theft crimes affected UC Irvine students. Authorities allege that Micheal Tyrone Thomas stole a file containing UC Irvine student information while working for UnitedHealthcare. According to a UnitedHealthcare statement, the company is "outraged that a former employee may have illegally accessed information regarding certain University of California, Irvine, students and may have used the information for criminal purposes" and UnitedHealthcare is working with authorities on the case.

Quick Facts

• Date: 4/28/2008
• Institution: University of Tokyo
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Daily Yomiuri Online

Abstract
University of Tokyo officials moved to dismiss an associate professor after it was discovered this individual leaked graduate school entrance exam questions back in 2006. The former professor shared these questions with several students prior the exam date. It is not known how many students had advanced access to these questions, but it appears that some of the students that received the advance information are still attending the university.

Quick Facts

• Date: 3/20/2008
• Institution: Lasell College
• Type of Incident: Employee Fraud
• Number Affected: 20,000
• Source: Pogo Was Right
• Abstract Source: Lasell College News Advisory

  Abstract
  Lasell College is alerting 20,000 current and former students and staff that their personal information was illegally accessed by a college employee. The employee, a member of the Department of Information Technology, gained unauthorized access to a database containing names and Social Security numbers. The college became aware of the incident in early February after investigating suspicious activity. Lasell has also contacted law enforcement who has started their own investigation. Lasell College has setup a hotline - 617-243-2140 - and a web site - www.lasellemergency.net - to help answer any questions individuals may have.