Quick Facts

• Date: 8/9/2010
• Institution: University of North Carolina, Greensboro
• Type of Incident: Penetration
• Number Affected: 2,500
• Source: ESI
• Abstract Source: UNCG News

Abstract
The University of North Carolina Greensboro recently announced the breach of two computers at two UNCG clinics exposing personal information. The breach involved the breach of a Speech and Hearing Center computer containing the names, Social Security numbers, telephone numbers, insurance company information, insurance ID numbers, group numbers, diagnosis codes, procedure codes and charges for 2,300 individuals going back to 1997 and the breach of a Psychology Clinic computer containing the names, dates of birth, telephone numbers, city of residence and if the individual was insured on 240 individuals. Information was exposed when the the university discovered malware on the computers that could have allowed someone unauthorized access. In the letter affected individuals, the university encourages individuals to monitor their credit reports. Anyone with questions about the Speech and Hearing Center breach may contact the center at (877) 550-6012 while individuals with questions about the Psychology Clinic breach may contact the clinic at (887) 550-6008.

Quick Facts

• Date: 7/6/2010
• Institution: University of Hawaii, Manoa
• Type of Incident: Penetration
• Number Affected: 53,000 (40,870 Social Security numbers, 200 Credit Cards
• Source: ESI
• Abstract Source: University of Hawaii

Abstract
University of Hawaii, Manoa officials recently announced the breach of a server that contained personal information. The server, used by the university Parking Office, contained information on 53,000 people that had done business with the Parking Office between January 1998 and June 2010 including 40,870 Social Security numbers and 200 credit cards. The breach, which occurred on May 30, was discovered on June 15 during a routine security audit. According to officials the largest group affected by the incident are faculty and staff members employed in 1998. Others affected include those that purchased parking permits and visitors that hard their vehicles towed or appealed tickets between 1998 and 2010. The university has setup a web site - www.hawaii.edu/idalert - and hotline - 808-956-6000 - to help provide more information to those affected.

Quick Facts

• Date: 3/18/2010
• Institution: University of Calgary
• Type of Incident: Penetration
• Number Affected: 5,000
• Source: DataBreaches.net
• Abstract Source: Vancouver Sun

Abstract
The University of Calgary recently announced that patient records may have been exposed during a recent breach. The breach, involving a single computer that was compromised by two viruses, contained personal health information of 5,000 patients at University of Calgary's Sunridge Medical Center. While there is no evidence that the viruses, one of which would allow unauthorized access and control of the computer, exposed any information, Dr. Cathy MacLean, head of the department of family medicine, says that it is a concern. The computer in question was used to store copies of faxes, medical legal reports and billing data but did not contain electronic medical records.

Quick Facts

• Date: 3/15/2010
• Institution: Illinois State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: DataBreaches.net
• Abstract Source: Pentagraph.com

Abstract
A recent audit discovered that Illinois State University is not properly disposing of personal and sensitive information. In a recent report, Illinois Audit General Bill Holland stated auditors found employee Social Security numbers, personal health information and information on ISU credit card accounts in unsecured recycling bins and garbage cans in a number of offices. In addition, the audit points at problems in how sensitive data on old computers is handled. Greg Alt, ISU's Assistant Vice President for Finance and Planning, stated the university is working to improve the way sensitive information is destroyed.

Quick Facts

• Date: 3/6/2010
• Institution: University of Texas Southwestern Medical Center
• Type of Incident: Employee Fraud
• Number Affected: 12,000
• Source: Data Loss DB
• Abstract Source: Dallas Morning News

Abstract
The University of Texas Southwestern Medical Center is notifying patients that the might be at risk for identity theft after police discovered patient records in the possession of a former employee. The employee, Tracy Renay Thomas worked for UT Southwestern between March 2009 and September 2009, was found in possession of medical bills, Social Security numbers and insurance information on 21 former UT Southwestern patients. In response, UT Southwestern notified those 21 by telephone and is notifying 12,000 additional individuals by letter. Police discovered the information during an investigation into Thomas' boyfriend who police allege ran an identity theft ring with Thomas. According to officials, no UT Southwestern patients involved have been victimized but everyone affected is being offered one year of credit monitoring at no cost.