Educational Security Incidents (ESI)

Quick Facts

• Date: 11/17/2008
• Institution: University of the Cumberlands
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: Pogo Was Right
• Abstract Source: Lexington Herald-Leader, Kentucky Attorney General Press Release

Abstract
A University of the Cumberlands student has been arrested and charged with hacking into student email accounts and using the information to blackmail these students. According to a press release from the Office of the Attorney General, Sungkook Kim was charged with identity theft and unlawful access to a computer following an investigation by the AG's cybercrime unit and the Williamsburg police. The investigation discovered that Kim had installed spyware on campus library computers to capture user IDs and passwords of students and faculty using the computers.

Quick Facts

• Date: 11/11/2008
• Institution: Sinclair Community College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,000
• Source: ESI
• Abstract Source: Associated Press

Abstract
Sinclair Community College announced that it discovered that a file containing employee information was available online. The file, an excel spreadsheet, contained the names and Social Security numbers of about 1,000 employees working at the college between 2000 and 2001. The file was discovered by and employee performing a Web search. According to the college, the file was inadvertently uploaded by an employee and had been available online for almost a year. According to Sinclair President Steven Lee Johnson the college has no reason to believe anyone else accessed the information.

Quick Facts

• Date: 11/10/2008
• Institution: Seoul National University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 4,500
• Source: Pogo Was Right, The Breach Blog
• Abstract Source: The Korea Times

Abstract
The Seoul National University announced that information on a number of students was accidentally leaked to a university web page. An excel file containing the names, mobile phone numbers, military serial numbers and dates of birth of 4,500 students was mistakenly attached to an article giving notice of reserve force training. Staff are currently investigating if this information was accessed.

Quick Facts

• Date: 11/8/2008
• Institution: Texas A&M University - Corpus Christi
• Type of Incident: Unauthorized Disclosure
• Number Affected: 1,430
• Source: Pogo Was Right
• Abstract Source: Caller-Times

Abstract
Texas A&M University Corpus Christi will begin notifying applicants after a web site containing personal information was discovered. The web site, discovered by student, contained a document with 2005 application information including 1,430 names and Social Security numbers. University officials immediately removed the documents once they became aware of the incident. The university is working to attempt to discover how long this document was available online. This incident marks the fourth time in two years, including the second time in three months, that TAMUCC student data has been exposed.

Quick Facts

• Date: 10/14/2008
• Institution: Ryerson University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Eyeopener Online

Abstract
Ryerson University is currently investigating how boxes containing sensitive documents could have been left unsecured in empty offices. The boxes, located in Kerr Hall South, contained payroll stubs, student numbers, grades, exams, staff tenure reports, and resumes. The boxes themselves contained labels such as "shred" and "confidential". The offices where the boxes were found were last used by the industrial engineering department in late 2007. According to Heather Driscoll, the university's FIPPA coordinator, it doesn't matter if the university can tell definitively whether or not anyone read the documents. For Driscoll the problem is that the documents were left unsecured in the first place.