Quick Facts

• Date: 7/23/2009
• Institution: University of Texas, Arlington
• Type of Incident: Penetration
• Number Affected: 27,000
• Source: ESI
• Abstract Source: University of Texas, Arlington

Abstract
The University of Texas, Arlington recently notified students, faculty and staff after the breach of a file server containing personal information. The file server, used by the university's Student Health Center, contained the names, addresses, prescription names, amount spent and diagnostic codes of 27,000 students, faculty and staff between 2000 and June 2010, including 2,048 Social Security numbers. The compromise was discovered on June 21, 2010 by IT staff and an investigation uncovered the server had been breached on four occasions between February 2009 and February 2010. According to the university, there were no credit card or other medial record information on the file server. So far, the university has notified 21,554 of the affected individuals and is working on notifying the remaining individuals through alternative methods. The university is offering free credit monitoring services to the 2,048 individuals whose Social Security numbers may have been exposed. UT Arlington has setup a hotline - 800-913-3055 - and web site www.uta.edu/data/index.php - to help provide more information to those affected.

Quick Facts

• Date: 3/6/2010
• Institution: University of Texas Southwestern Medical Center
• Type of Incident: Employee Fraud
• Number Affected: 12,000
• Source: Data Loss DB
• Abstract Source: Dallas Morning News

Abstract
The University of Texas Southwestern Medical Center is notifying patients that the might be at risk for identity theft after police discovered patient records in the possession of a former employee. The employee, Tracy Renay Thomas worked for UT Southwestern between March 2009 and September 2009, was found in possession of medical bills, Social Security numbers and insurance information on 21 former UT Southwestern patients. In response, UT Southwestern notified those 21 by telephone and is notifying 12,000 additional individuals by letter. Police discovered the information during an investigation into Thomas' boyfriend who police allege ran an identity theft ring with Thomas. According to officials, no UT Southwestern patients involved have been victimized but everyone affected is being offered one year of credit monitoring at no cost.

Quick Facts

• Date: 2/11/2010
• Institution: University of Texas Medical Branch
• Type of Incidents: Employee Fraud
• Number Affected: 2,400 (updated)
• Source: PHIPrivacy.net
• Abstract Source: Houston Chronicle
• Update1 Source: Houston Chronicle

Abstract
The University of Texas Medical Branch is investigating if any patient data was stolen after officials were informed that an employee of a contractor was arrested for identity theft. The employee, Katina Rochelle Candick, was arrested and charged identity theft and is accused of using a stolen identity to gain employment at MedAssets, a company hired by UTMB to assist with billing. While none of the charges stem from Candick's access to UTMB data, the university contacted the individuals whose information Candick may have had access too. This information included names, address, Social Security Numbers and insurance information on 1,200 UTMB patients. In the letter, UTMB offers tips on monitoring credit reports as well as informs the individuals of identity theft protection being offered by MedAssets. UTMB no longer does business with MedAssets.

Update1
The University of Texas Medical Branch sent out an additional 1,200 notices regarding the risk of identity theft after police discovered personal information in possession a former MedAssets employee. In addition, at least 10 individuals previously notified have come forward to report they have been victimized by identity theft.

Quick Facts

• Date: 8/1/2009
• Institution: University of Texas, Brownsville
• Type of Incident: Employee Fraud
• Number Affected: N/A
• Source: ESI
• Abstract Source: Brownsville Herald

Abstract
The University of Texas, Brownsville and Texas Southernmost College police recently concluded a two-month long investigation uncovering gross academic fraud by staff of the Office of Distance Education. Police discovered that students and staff working in the Office of Distance Education used their access to the Blackboard system to steal test answers. Six staff and 14 student workers stole test answers for themselves, for friends and even to sell to other students. The theft occurred by staff and student workers that were given administrative access to the Blackboard system. According to other staff, the University had been made aware of possible cheating, but was not sure how to contain the problem. While no criminal charges will be filed, staff involved no longer work for the Office of Distance Education and students involved received a number of different punishments ranging from failing a course to suspension.

Quick Facts

• Date: 8/1/2008
• Institution: University of Texas, Dallas
• Type of Incident: Penetration
• Number Affected: 9,100
• Source: ESI
• Abstract Source: Dallas News

Abstract
The University of Texas, Dallas is working to notify students, faculty and staff after staff discovered a computer breach on July 12. The computer contained names, addresses, telephone numbers, e-mail addresses and Social Security numbers on 9,100 individuals. The university does not know if the intruder(s) gained access to the Social Security numbers. According to the letter sent to affected individuals, the breach affected: 4,406 students on the Dean List or graduated between 2000 and 2006, 3,892 students that took part in a 2002 Office of Undergraduate Education survey, 88 Facilities Management staff members, and 716 faculty and staff listed on a 2002 space inventory.