Quick Facts

• Date: 9/1/2010
• Institution: University of Florida
• Type of Incident: Theft
• Number Affected: 8,300
• Source: ESI
• Abstract Source: My Fox Orlando, University of Florida

Abstract
The University of Florida is working to notify individuals after the theft of a laptop that belonged to a program affiliated with the university. The laptop contained the names, Social Security numbers and some Florida driver's license numbers on 8,300 P.K. Yonge students and employees dating back to 2000. The laptop was stolen on July 23 from a P.K. Yonge Development Research School employee's rental car while in San Francisco. The theft was originally reported to the California police and later reported to the University of Florida Police Department. P.K. Yonge staff are taking steps to prevent similar problems in the future by installing encryption software on laptops. In the letter to those affected, university officials recommend they monitor their credit reports for signs of identity theft. The University of Florida has setup a web site - privacy.ufl.edu/incidents/2010/pkyonge - with more information on the incident.

Quick Facts

• Date: 7/6/2010
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 2,047
• Source: ESI
• Abstract Source: University of Florida News Release

Abstract
University of Florida officials recently notified individuals after letters about a research study contained personal information on the labels. The letters, inviting individuals to participate in a College of Medicine’s Department of Epidemiology and Health Policy Research research study, contained the names, and Social Security numbers or Medicaid identification numbers of 2,047 individuals. The personal information was accidentally included on the mailing labels affixed to the letters. Instead of personal information, the labels were supposed to include randomly generated numbers to help a telephone survey company verify interested participants. The survey company, Macro International Inc has made plans to purge the personal information from their systems. In total, 647 labels included Social Security numbers and the rest contained Medicaid identification numbers.

Quick Facts

• Date: 9/14/2009
• Institution: University of Florida
• Type of Incident: Unauthorized Disclosure
• Number Affected: 34
• Source: DataBreaches.net
• Abstract Source: University of Florida News

Abstract
The University of Florida announced a recently discovered security breach of personal information. The breach involved a file containing the 34 names and 25 Social Security numbers of trainers working with the Florida Traffic and Bicycle Safety Education program in 2006. The file the unsecured file was removed as soon as it was discovered by university techs during a routine security check. While the file was last modified in 2006, the university believes that the risk to personal information is low. The university has setup a web site - privacy.ufl.edu/ - and hotline - 877-657-9133 - to help answer questions about the incident.

Quick Facts

• Date: 2/19/2009
• Institution: University of Florida
• Type of Incident: Penetration
• Number Affected: 97,200
• Source: ESI
• Abstract Source: University of Florida News

Abstract
The University of Florida is working to notify current and past students, faculty and staff after staff discovered a server breach. The "Grove" server hosted course documentation and course documentation containing files with the names and Social Security numbers of up to 97,200 individuals. UF staff discovered the breach on Jan 14 during routine IT system review. The computer was shut down and the UF launched an investigation. While the investigation was able to confirm unauthorized access had occurred, staff were not able to determine if the files containing private information had been accessed. In a letter (pdf) to the individuals affected by the breach, UF calls the risk of identity theft low but suggests people follow FTC guidelines. The University of Florida has created a web site - privacy.ufl.edu/incidents/2009/academic-technology - with more information on the breach.

Quick Facts

• Date: 11/12/2008
• Institution: University of Florida
• Type of Incident: Penetration
• Number Affected: 336,234
• Source: ESI
• Abstract Source: Network World

Abstract
The University of Florida announced that a server containing College of Dentistry patient information was breached by an unknown individual(s). The server contained the names, addresses, birth dates, Social Security numbers of 344,482 patients dating back to 1990. Some of these records did contain dental procedure information. UF discovered the breach on Oct 3rd when staff were performing upgrades on the server. Staff found that an unknown individual(s) had compromised the computer and remotely installed additional software on the server. The server was immediately taken down until staff could strengthen the security controls of the system. UF has mailed out notifications to 336,234 individuals affected by this breach. In the online FAQ, the University of Florida states that the university will not offer any free credit monitoring to the individuals affected by this breach. The university has more information on the incident here - privacy.ufl.edu.