Quick Facts

• Date: 9/7/2010
• Institution: City College of New York
• Type of Incident: Theft
• Number Affected: 7,000
• Source: ESI
• Abstract Source: WABC

Abstract
City College of New York recently sent out notification letters to students after a laptop containing personal information was stolen. The laptop in question, which was password-protected but not encrypted, contained the names and Social Security numbers of 7,000 students. In the notification letter, students were asked to contact 212-650-5426 with questions. However, some students have reported that calls to that number have gone unanswered. According to a CCNY spokesperson, there is no evidence that anyone's information has been compromised by the theft. However CCNY is looking at how to ensure personal information is better protected in the future.

Quick Facts

• Date: 9/7/2010
• Institution: Minneapolis Community and Technical College
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: ESI
• Abstract Source: City College News

Abstract
Minneapolis Community and Technical College officials are working to respond to a City College News investigation. The student newspaper discovered a directory exposed to the Internet that contained internal finance and budget documents as well as student data. The directory found contained annual accounts receivable reports, salary rosters, and a database containing several years worth of work study records including names, student ID numbers, the amount awarded for work study and the amount earned. While most of the data in the directory is publicly available information, questions remain about if the college had meant to place as much information online. According to Dianna Cusick, MCTC director of legal affairs, the college has made an effort to be more transparent with the budget process and make budgeting information available to the public. However, Cusick stated that they were not aware of all of the reports being placed online. While the directory containing the information has been taken offline, the college plans to place the budget and accounting information back online in the future.

Quick Facts

• Date: 9/6/2010
• Institution: Eastern Michigan University
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: DataBreaches.Net
• Abstract Source: AnnArbor.com, AnnArbor.com

Abstract
Eastern Michigan University sent a campus-wide email concerning the a server breach discovered over the weekend. During routine monitoring on Saturday EMU's IT staff discovered that a server was compromised around 11:30PM on Friday. The server in question controls my.emich passwords and Banner Self Service PIN codes for both students and employees. EMU officials decided to issue the notice to all of campus since the login information on this server may allow additional access to EMU systems containing personal and banking information. While officials believe the risk of secondary access is minimal, the email urges caution especially for those employees with direct deposit. People with questions or information as asked to contact the Help Desk at helpdesk@emich.edu or 734-487-2120.

Quick Facts

• Date: 9/3/2010
• Institution: University of Rochester
• Type of Incident: Loss
• Number Affected: 837
• Source: ESI
• Abstract Source: WHEC

Abstract
The Univeristy of Rochester Medical Center is working to notify patients after a doctor lost a flash drive containing patient information. The flash drive, which belonged to Dr. Jeffery Peters, contained the names, birth dates and diagnosis of some patients. Dr. Peters cannot recall which of his 837 patients were on the flash drive so letters have been sent to all of them. According to Teri D'Agostino, Dr. Peters and others attempted to locate the flash drive for 3 weeks before notifying medical center officials. "He's deeply concerned by that. These are his own patients, this is his practice, this is his image, and he cares about that. So we applaud him for coming forward," said D'Agostino. Jeffery Powell, the URMC CIO, said they medical center will being looking into encryption for all computers and flash drives.

Quick Facts

• Date: 9/2/2010
• Institution: University of Virginia College at Wise
• Type of Incident: Penetration
• Number Affected: N/A
• Source: DataBreaches.net
• Abstract Source: Krebs On Security
• Update1 Source: Highland Cavalier

Abstract
Well known computer security journalist Brian Krebs has learned that computer criminals have stolen almost $1,000,000 from the University of Virginia College at Wise last week. It appears that the thieves used a virus to steal the online banking credentials from the comptrollers computer. The thieves used this access to transfer $996,000 from the university's accounts at BB&T Bank to the Agricultural Bank of China. When contacted by Krebs, Kathy Still, UVA Wise Director of News and Media Relations, would only state that the school was investigating the incident and no student data was at risk.

Update1
It appears that the money stolen from UVa Wise has been recovered by the university. According to the college's Director of News and Media Relations Kathy Still, officials were able to catch the theft early on and no funds have been lost.