Quick Facts

• Date: 9/2/2010
• Institution: University of Virginia College at Wise
• Type of Incident: Penetration
• Number Affected: N/A
• Source: DataBreaches.net
• Abstract Source: Krebs On Security

Abstract
Well known computer security journalist Brian Krebs has learned that computer criminals have stolen almost $1,000,000 from the University of Virginia College at Wise last week. It appears that the thieves used a virus to steal the online banking credentials from the comptrollers computer. The thieves used this access to transfer $996,000 from the university's accounts at BB&T Bank to the Agricultural Bank of China. When contacted by Krebs, Kathy Still, UVA Wise Director of News and Media Relations, would only state that the school was investigating the incident and no student data was at risk.

Quick Facts

• Date: 8/19/2010
• Institution: University of Kentucky
• Type of Incident: Theft
• Number Affected: 2,027
• Source: DataBreaches.net
• Abstract Source: University of Kentucky Public Notice

Abstract
The University of Kentucky is working to notify parents after a laptop was stolen from the university's Newborn Screening Program. The laptop, which was taken from a locked office in the Department of Pediatrics Newborn Screening Program, contained the names, medical record numbers, dates of birth, diagnosis, mothers' name and mothers' Social Security numbers on 2,027. In the notice, UK officials offer recommendations on how to spot identity theft and how to obtain a free credit report. According to the university, officials do not believe the laptop was stolen because of the information it contained. The university has setup a hotline - 877-528-3970 - to help provide more information about the incident.

Quick Facts

• Date: 8/18/2010
• Institution: Yale University
• Type of Incident: Theft
• Number Affected: 1,000
• Source: PHIPrivacy.net
• Abstract Source: New Haven Register

Abstract
Yale University School of Medicine began notifying individuals following the theft of a laptop. The laptop, stolen from the office of a data analyst, contained clinical health information on 1,000 individuals. The laptop was password protected but not encrypted. The university is working with the Yale and New Haven police departments to investigate the theft. Individuals that are affected by the theft may contact the School of Medicine at 877-751-3361 for more information.

Quick Facts

• Date: 7/23/2009
• Institution: University of Texas, Arlington
• Type of Incident: Penetration
• Number Affected: 27,000
• Source: ESI
• Abstract Source: University of Texas, Arlington

Abstract
The University of Texas, Arlington recently notified students, faculty and staff after the breach of a file server containing personal information. The file server, used by the university's Student Health Center, contained the names, addresses, prescription names, amount spent and diagnostic codes of 27,000 students, faculty and staff between 2000 and June 2010, including 2,048 Social Security numbers. The compromise was discovered on June 21, 2010 by IT staff and an investigation uncovered the server had been breached on four occasions between February 2009 and February 2010. According to the university, there were no credit card or other medial record information on the file server. So far, the university has notified 21,554 of the affected individuals and is working on notifying the remaining individuals through alternative methods. The university is offering free credit monitoring services to the 2,048 individuals whose Social Security numbers may have been exposed. UT Arlington has setup a hotline - 800-913-3055 - and web site www.uta.edu/data/index.php - to help provide more information to those affected.

Quick Facts

• Date: 6/30/2010
• Institution: California State University, San Bernardino
• Type of Incident: Unauthorized Disclosure
• Number Affected: 36
• Source: ESI
• Abstract Source: The Desert Sun

Abstract
California State University, San Bernardino recently began notifying some student after personal information was discovered online. A class roster from one computer science and engineering course made public through the university's web server contained the names and Social Security numbers of 36 students. The information was found on June 10, 2010 and removed as soon as the university became aware of the file.