Quick Facts

• Date: 7/23/2009
• Institution: University of Texas, Arlington
• Type of Incident: Penetration
• Number Affected: 27,000
• Source: ESI
• Abstract Source: University of Texas, Arlington

Abstract
The University of Texas, Arlington recently notified students, faculty and staff after the breach of a file server containing personal information. The file server, used by the university's Student Health Center, contained the names, addresses, prescription names, amount spent and diagnostic codes of 27,000 students, faculty and staff between 2000 and June 2010, including 2,048 Social Security numbers. The compromise was discovered on June 21, 2010 by IT staff and an investigation uncovered the server had been breached on four occasions between February 2009 and February 2010. According to the university, there were no credit card or other medial record information on the file server. So far, the university has notified 21,554 of the affected individuals and is working on notifying the remaining individuals through alternative methods. The university is offering free credit monitoring services to the 2,048 individuals whose Social Security numbers may have been exposed. UT Arlington has setup a hotline - 800-913-3055 - and web site www.uta.edu/data/index.php - to help provide more information to those affected.

Quick Facts

• Date: 7/6/2010
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,047
• Source: ESI
• Abstract Source: University of Florida News Release

Abstract
University of Florida officials recently notified individuals after letters about a research study contained personal information on the labels. The letters, inviting individuals to participate in a College of Medicine’s Department of Epidemiology and Health Policy Research research study, contained the names, and Social Security numbers or Medicaid identification numbers of 2,047 individuals. The personal information was accidentally included on the mailing labels affixed to the letters. Instead of personal information, the labels were supposed to include randomly generated numbers to help a telephone survey company verify interested participants. The survey company, Macro International Inc has made plans to purge the personal information from their systems. In total, 647 labels included Social Security numbers and the rest contained Medicaid identification numbers.

Quick Facts

• Date: 6/29/2010
• Institution: University of Maine
• Type of Incident: Penetration
• Number Affected: 4,585
• Source: Data Loss DB
• Abstract Source: The Maine Campus

Abstract
The University of Maine recently announced that the breach of two servers could place student information at risk. The servers, belonging to the university's Counseling Center, contained the names, Social Security numbers and clinical information for 4,585 students that attending the center between August 2002 and June 2010. According to Robert Dana, University of Maine's Dean of Students, the first breach of the servers may have occurred early in March 2010 and the attackers used this access to compromise a second server containing the student information. Dana called university and college networks "prime targets" for attack and stated that the University of Maine is under "literally thousands of [attack] attempts per day." While the university works with Debix to notify affected individuals and offer one year of credit monitoring, the University of Maine Police are investigating the incident with assistance from US Attorney's Office and the US Secret Service. More information is available at http://umaine.edu/informationcenter/

Quick Facts

• Date: 6/19/2010
• Institution: University of Nevada, Reno
• Type of Incident: Theft
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Daily Sparks Tribune

Abstract
University of Nevada, Reno is investigating the theft of computer equipment containing patient information. The equipment, part of the University's School of Medicine's clinical practice, contained the names, addresses, dates of birth, Social Security numbers and medical information for an undetermined number of individuals. The equipment was discovered stolen on June 11th. In the letter to the patients where identity theft is a risk, the university is offering one year of free credit monitoring. A full investigation into the theft is being conducted by local and federal authorities and information on the theft can be reported to University of Nevada, Reno Police.

Quick Facts

• Date: 6/1/2010
• Institution: University of Louisville
• Type of Incident: Unauthorized Disclosure
• Number Affected: 708
• Source: ESI
• Abstract Source: Business First of Louisville, WFPL

Abstract
The University of Louisville recently announced the accidental exposure of patient information to the Internet. The web site, belonging to the university's Kidney Disease program, contained the names, Social Security number and medical information on 708 patients. The information was available through the web site from October 1, 2008 to May 17, 2010. According to officials a programming error caused the information to become exposed to the Internet without any need for a password or login. The site has been removed and the University is offering one year of credit monitoring for the individuals affected. Individuals with questions can contact the U of L Kidney Disease Program at 502-852-0785.