Educational Security Incidents (ESI)

Quick Facts

• Date: 11/19/2009
• Institution: University of East Anglia
• Type of Incident: Penetration
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Examiner.com, The Register

Abstract
The University of East Anglia's Hadley Climate Research Center recently suffered a breach exposing thousands of email messages. The breach involved 1079 e-mail messages and 72 documents containing internal communications from researchers involved in global warming research. These documents were uploaded to an anonymous FTP server. The documents and e-mails themselves contain internal communications filled with crude language and disparaging comments on skeptical scientists. In addition, several of the messages appear to bring into question the relationship between the scientists and several journalists as well as call into question the methodologies used in some of the research.

Quick Facts

• Date: 12/31/2008
• Institution: Ohio State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 18,000
• Source: Pogo Was Right
• Abstract Source: Columbus Dispatch

Abstract
Ohio State University is working to notify current and former students after student personal information was found accessible via the Internet. The information, including Social Security numbers, names, address and enrollment dates, was accidentally placed on a server exposed to the Internet. OSU has traced the mistake to a third-party vendor working with the university's student health insurance program. The breach appears to have affected 18,000 students enrolled in the insurance program from Fall 2005 to Summer 2006. OSU is offering these individuals 12 months of free credit monitoring. According to OSU officials, the university became concerned in September when students began contacting the university after finding their personal information online. OSU has setup a web site - www.studentlife.osu.edu/dataexposure/ - with more information on the incident.

Quick Facts

• Date: 12/30/2008
• Institution: University of Iowa
• Type of Incident: Employee Fraud
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Press-Citizen

Abstract
A former University of Iowa employee has been charged with stealing UI laptops and selling them to the general public. According to the complaint, Charles Martin Reed had stolen and sold five university laptops. Reed was a former employee in the UI Surplus office which is responsible for selling used university equipment to the public. It is not known if these five laptops contained were sanitized before Reed allegedly sold them.

Quick Facts

• Date: 12/23/2008
• Institution: Ohio University - Chillicothe
• Type of Incident: Theft
• Number Affected: 38
• Source: Pogo Was Right
• Abstract Source: Chillicothe Gazette

Abstract
Ohio University - Chillicothe is working to alert members of the university's Health Wellness Center after staff discovered the theft of a hard drive containing personal information. The drive, part of a stand-alone machine using specialized software, contained the names and Social Security numbers of 38 current and former members. OU-C discovered the theft on December 9th and began investigating the incident. According to OU-C officials, the information is very difficult to access without the special software used by the Health Wellness Center. However, to help protect the individuals affected by this incident, OU-C is offering one year of free credit monitoring to the 38 current and former members affected by the theft.

Quick Facts

• Date: 12/20/2008
• Institution: Lorain County Community College
• Type of Incident: Penetration
• Number Affected: 22,000
• Source: Pogo Was Right
• Abstract Source: The Chronicle-Telegram

Abstract
Lorain County Community College announced that a sophisticated computer hacker breached two servers and could possibly have gained access to staff, students and community members personal information. The breach, which occurred during Thanksgiving break, involved the library card system which contained the names and Social Security numbers of about 22,000 staff, students and community members. LCCC staff discovered the breach when a virus alert went off due to an unknown individual download applications to the server. Staff immediately removed the server from the network to mitigate the breach until it could be investigated. According to LCCC VP of Strategic and Institutional Development Marcia Ballinger, the unknown individual was most likely looking to pirate space available on the servers and was not after personal information. However, LCCC will begin notifying all affected individuals and instructing them how to sign up for credit monitoring with Equifax. LCCC has enlisted the help and support of the FBI and other computer forensic experts in the investigation of the breach.