Educational Security Incidents (ESI)

Quick Facts

• Date: 2/13/2008
• Institution: Middle Tennessee State University
• Type of Incident: Penetration
• Number Affected: 1,500
• Source: ESI
• Abstract Source: The Daily News Journal

Abstract
Middle Tennessee State University is alerting students that an unknown individual was able to gain access to a computer containing personal information. The computer contained the names and Social Security numbers of 1,500 current and former students. A MTSU professor left the computer running and unattended in the Mass Communications department for two weeks. It is believed that an unknown individual gained accessed to this machine and used it to send out spam e-mails. According to MTSU spokesperson, Tom Tozer, the notice to students is just a precaution and there is no evidence that the student information was accessed by anyone.

Quick Facts

• Date: 1/23/2008
• Institution: Baylor University
• Type of Incident: Penetration
• Number Affected: 526
• Source: Pogo Was Right
• Abstract Source: The Lariat

Abstract
Baylor University is alerting its campus community that a student employee illegally gained access to Baylor Information Network (BIN) accounts over the break. The student was able to obtain the Bear ID and passwords of 526 individuals logging into the BIN system. While Baylor's Director of Media Communications, Lori Fogleman, stated the access did not include "sensitive information like Social Security Numbers, financial information or academic records," it should be noted that the BIN accounts did allow direct access to both the Baylor e-mail and Blackboard systems. Each of these systems could potentially hold sensitive and/or protected information. Baylor staff immediately expired affected account, forcing a password change for these individuals. The university declined to comment on how the university became aware of the breach or what actions the university or the FBI plan to take against the student worker.

Quick Facts

• Date: 1/11/2008
• Institution: California State University, Stanislaus
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Central Valley Business Times

Abstract
California State University, Stanislaus officials announced today that a dining vendor's computer system was breached exposing student credit card and bank card information to an unknown attacker. The information on the server in question includes credit card numbers, cardholder names and card expiration dates. The exact number of individual affected and the nature of the breach is still under investigation according to university officials. The university police department learned about fraudulent activity of credit cards used at CSU Stanislaus back in November. The investigation led the police to the breached vendor system.

Quick Facts

• Date: 1/9/2008
• Institution: University of Georgia
• Type of Incident: Penetration
• Number Affected: 4,250
• Source: Pogo Was Right
• Abstract Source: Red and Black

Abstract
The University of Georgia is investing a sever breach that appears to have occurred between Dec 29 and Dec 31. At this point it appears the attach originated overseas. The breached server contained the Social Security numbers, names, and addresses for 4,250 prospective, current and former residents of graduate family housing. The breach was discovered by a department working over the break when this individual noticed "a page showing something that shouldn't be there." UGA worked quickly to notify the affected individuals through e-mail and postal mail.

Quick Facts

• Date: 1/3/2008
• Institution: McDowell Technical Community College
• Type of Incident: Penetration
• Number Affected: N/A
• Source: ESI
• Abstract Source: Asheville Citizen-Times

Abstract
A recent audit of McDowell Technical Community College's computer center found that the college is vulnerable to data tampering and other risks. The report by the North Carolina Office of the State Auditor, available as a pdf here, found that McDowell Tech needs to implement new security controls to prevent unauthorized access to the data center, controls to prevent electronic tampering of data, and needs to complete a more robust disaster recovery plan.McDowell Tech officials, in a written response, stated that the college would adopt such controls as funding allows.