Quick Facts

• Date: 3/6/2010
• Institution: University of Texas Southwestern Medical Center
• Type of Incident: Employee Fraud
• Number Affected: 12,000
• Source: Data Loss DB
• Abstract Source: Dallas Morning News

Abstract
The University of Texas Southwestern Medical Center is notifying patients that the might be at risk for identity theft after police discovered patient records in the possession of a former employee. The employee, Tracy Renay Thomas worked for UT Southwestern between March 2009 and September 2009, was found in possession of medical bills, Social Security numbers and insurance information on 21 former UT Southwestern patients. In response, UT Southwestern notified those 21 by telephone and is notifying 12,000 additional individuals by letter. Police discovered the information during an investigation into Thomas' boyfriend who police allege ran an identity theft ring with Thomas. According to officials, no UT Southwestern patients involved have been victimized but everyone affected is being offered one year of credit monitoring at no cost.

Quick Facts

• Date: 2/11/2010
• Institution: University of Texas Medical Branch
• Type of Incidents: Employee Fraud
• Number Affected: 2,400 (updated)
• Source: PHIPrivacy.net
• Abstract Source: Houston Chronicle
• Update1 Source: Houston Chronicle

Abstract
The University of Texas Medical Branch is investigating if any patient data was stolen after officials were informed that an employee of a contractor was arrested for identity theft. The employee, Katina Rochelle Candick, was arrested and charged identity theft and is accused of using a stolen identity to gain employment at MedAssets, a company hired by UTMB to assist with billing. While none of the charges stem from Candick's access to UTMB data, the university contacted the individuals whose information Candick may have had access too. This information included names, address, Social Security Numbers and insurance information on 1,200 UTMB patients. In the letter, UTMB offers tips on monitoring credit reports as well as informs the individuals of identity theft protection being offered by MedAssets. UTMB no longer does business with MedAssets.

Update1
The University of Texas Medical Branch sent out an additional 1,200 notices regarding the risk of identity theft after police discovered personal information in possession a former MedAssets employee. In addition, at least 10 individuals previously notified have come forward to report they have been victimized by identity theft.

Quick Facts

• Date: 2/2/2010
• Institution: University of Georgia
• Type of Incident: Employee Fraud
• Number Affected: 1
• Source: ESI
• Abstract Source: Red and Black, UGA Police Report (pdf)

Abstract
University of Georgia police have charged Dorin Dehelean, an IT security analyst in UGA's Enterprise Information Technology Services, with one count of theft by extortion after UGA student Laura Adams told police Dehelean attempted to extort $800 from her. Dehelean, who processed student copyright infringement complaints, attempted to extort the money in exchange for deleting the information about the complaint, according to Adams. UGA police are continuing to investigate the crime and expect the number of student victims to increase. Any student that has been contacted by Dehelean about similar extortion attempts are encouraged to come forward.

Quick Facts

• Date: 8/1/2009
• Institution: University of Texas, Brownsville
• Type of Incident: Employee Fraud
• Number Affected: N/A
• Source: ESI
• Abstract Source: Brownsville Herald

Abstract
The University of Texas, Brownsville and Texas Southernmost College police recently concluded a two-month long investigation uncovering gross academic fraud by staff of the Office of Distance Education. Police discovered that students and staff working in the Office of Distance Education used their access to the Blackboard system to steal test answers. Six staff and 14 student workers stole test answers for themselves, for friends and even to sell to other students. The theft occurred by staff and student workers that were given administrative access to the Blackboard system. According to other staff, the University had been made aware of possible cheating, but was not sure how to contain the problem. While no criminal charges will be filed, staff involved no longer work for the Office of Distance Education and students involved received a number of different punishments ranging from failing a course to suspension.

Quick Facts

• Date: 3/2/2009
• Institution: Univeristy of Massachusetts
• Type of Incident: Employee Fraud
• Number Affected: 16
• Source: Pogo Was Right
• Abstract Source: The Register

Abstract
A former University of Massachusetts IT administrator is facing charges that he illegally accessed 16 student Facebook accounts and stole nude photos. Robert J DeCampos Jr faces 13 misdemeanor counts of unauthorized computer access and one felony count of larceny. According to court documents, DeCampos used student email accounts to gain access to the Facebook accounts where he was able to download the nude photos these accounts contained. DeCampos was fired by the university on October 20, four days after the discovery of the alleged computer trespass.