Quick Facts

• Date: 11/18/2005
• Institution: Indiana University
• Type of Incident: Penetration
• Number Affected: 5,300
• Source: EDUPAGE
• Abstract Source: FortWyane.com

Abstract

Officials at Indiana University reported that a routine scan of computer systems turned up malicious software on the computer of a faculty member at the Kelley School of Business. According to James Anderson, the school’s director of information technology, the software could have been used to access the personal information of about 5,300 current and former students at the university, though no reports have surfaced that the information was used illicitly. The school has notified the students who are possibly affected and encouraged them to monitor their credit reports for suspicious activity. Daniel Smith, dean of the Kelley School, said all of the institution's computers are being audited to ensure they are free of malicious software and have current antivirus and system patches installed.

Abstract by Edupage Editors

Quick Facts

• Date: 9/29/2005
• Institution: University of Georgia
• Type of Incident: Penetration
• Number Affected: 1,600
• Source: EDUPAGE via INFOSEC Year In Review
• Abstract Source: AJC Metro

Abstract

The University of Georgia has revealed that a hacker was able to access a computer system that contained personal information for employees of the College of Agricultural and Environmental Sciences as well as people who are paid from that department. Social Security numbers were in the accessed database, though no credit card information was exposed. In all, 2,400 Social Security numbers for about 1,600 people were compromised, and the university is working to contact those affected. According to Tom Jackson, spokesperson for the university, names and Social Security numbers in the database were not connected, but an experienced hacker would likely be able to correctly match them up. The university suffered another computer hack in January 2004. No arrests have been made in that incident. The Atlanta Journal-Constitution, 29 September 2005

[Abstract taken directly from INFOSEC Year In Review]

Quick Facts

• Date: 9/16/2005
• Institution: University of California, Berkeley
• Type of Incident: Theft
• Number Affected: 98,000
• Source: INFOSEC Year In Review
• Abstract Source: PC World via EDUPAGE

Abstract

A laptop stolen in March from the University of California at Berkeley has been recovered, after being bought and sold several times, ultimately landing in South Carolina. When stolen, the computer contained sensitive data on more than 98,000 UC Berkeley graduate students, but by the time it was recovered, all of its files and operating system had been cleared, making it impossible to determine if the personal information was accessed after the theft. Following the theft, the university worked to contact those whose data was contained on the computer, as required by California law, and also hired an outside consultant to audit the institution's practices of handling such data, according to spokesperson Janet Gilmore. The university is currently assessing the recommendations of that audit and how to implement them. PCWorld, 16 September 2005

[Abstract by Edupage Editors taken directly from Edupage, September 16, 2005]

Quick Facts

• Date: 8/9/2005
• Institution: Sonoma State University
• Type of Incident: Penetration
• Number Affected: 62,000
• Source: INFOSEC Year In Review
• Abstract Source: San Francisco Chronicle via EDUPAGE

Abstract

Sonoma State University, an hour north of San Francisco, has become the latest in a growing list of universities to suffer a hacker attack that put personal information of students and staff at risk. At Sonoma State, hackers in July gained access to several computer workstations, which allowed them to access a number of other computers before university staff detected and put an end to the intrusion. In all, the hackers had access to names and Social Security numbers of nearly 62,000 students, applicants, or employees of the university between 1995 and 2002. A spokesperson for the university said the hackers did not have access to financial information and noted that there is currently no evidence that any of the information has been misused. Nevertheless, the university is required by state law to contact individuals whose personal information has been compromised, and the university is working to do just that. The university has set up a Web site with information and is advising affected individuals to contact credit-reporting agencies to be on the lookout for possible identity fraud. San Francisco Chronicle, 9 August 2005

[Abstract by Edupage Editors taken directly from Edupage, August 10, 2005]

Quick Facts

• Date: 7/6/2005
• Institution: University of Southern California
• Type of Incident: Unauthorized disclosure
• Number Affected:
• Source: INFOSEC Year In Review
• Abstract Source: The Register via RISKS

Abstract

A programming error in the University of Southern California's online system for accepting applications from prospective students left the personal information of ``hundreds of thousands of records'' publicly accessible. The flaw was discovered by a student in the process of applying.

[Abstract by Peter G. Neumann taken from RISKS 23.93]