Aug 212014

An update to a breach previously noted on this blog.

Anna Burlson reports:

Three North Dakota University System employees who dealt in IT security have been put on administrative leave following a massive security breach last winter.

The personal information of more than 290,000 current and past NDUS students was vulnerable for four months before the hack was noticed Feb. 7. Several agencies looked into the security breach and found that the hacked server was most likely used as a “launch pad” for an overseas entity to access other servers.

Read more on Prairie Business.

Aug 192014

Mike Bush reports:

New Mexico State University has determined that the on-campus theft of computing equipment in June included a laptop with a link to personal information on some 170 students.

The suspected thief, the university said in a letter dated Aug. 11 to the affected students, has been arrested and charged, but, “had disposed of the stolen laptop containing the personal information prior to being arrested.”

The stolen laptop “inadvertently” contained “a link to an excel file containing your name, date of birth, Social Security number and other student information related to you, along with similar personal information of approximately 170 other students,” the letter stated.

Read more on Albuquerque Journal.

Aug 162014

Peter Terlato reports on a hack leading to a bit of a political flap:

A 21-year-old communications student from the University of Technology, Sydney has been charged with gaining unlawful access to restricted files which contained information pertaining to Frances Abbott’s $60,000 scholarship.

NSW Police issued a court summons to part-time librarian Freya Newman earlier this week, after receiving a complaint by the Whitehouse Institute of Design that its computer system was hacked on May 20.

Read more on Business Insider Australia

According to other sources, Newman was reportedly working as a part-time librarian at Whitehouse at the time. The Daily Mail reports:

The revelations sparked widespread outrage when it was revealed that the ‘chairman’s scholarship’, which covered most of Ms Abbott’s fees, had not been advertised and had only been awarded once before, to Billie Whitehouse, the daughter of the Institute’s founder and owner.

It was further revealed that Tony Abbott had not declared the scholarship on his pecuniary interests register, despite the fact that Les Taylor, the chairman of the school’s board of governors is a Liberal party donor and recommended Ms Abbott for the scholarship.

Mr Abbott has maintained that he had no reason to declare the scholarship because his daughter won it on merit.

Aug 162014

Annie Cutler reports:

A 26-year-old Brigham Young University student was arrested on charges of identity theft and computer crimes.

Police say Gabriel Camacho stole personal information of his co-workers, other students and even professors at BYU and the University of Utah.

It all started when Camacho was fired from his job when his employer suspected he had hacked into their computer system. Turns out, the employer was right and after authorities searched a flash drive Camacho left behind, they said they learned he had hacked into more systems.

“We’re talking passwords, account numbers, birth dates, all of that information,” Chief Cody Cullimore of Lindon police said.

And it’s sensitive information Lindon police say Camacho has admitted to stealing. There could be more than 50 potential victims between his recent employer, U of U and BYU.

Read more on Fox13


Aug 162014

Danielle Manley reports:

Personal information of as many as 1,200 students, faculty and staff at Weber State University may have been compromised during multiple possible break-ins to computer labs.

A WSU student was charged July 29 in the incident. The burglar broke in after-hours to the Science Lab Building and Building 4, said Bret Ellis, vice president for Information Technology. Ellis said he doesn’t know for sure, but the suspect most likely broke in multiple times from January to April 2014.

“There were 1,200 individuals that were potentially compromised,” Ellis said. “We believe it was way less than that. We’re just trying to be extremely safe.”

The suspect was unsuccessful in accessing information in one lab, but could have obtained private information in a public computer lab commonly used by students, faculty and staff.

Ellis said he was not an employee or person of trust and does not know the reason of the hacking. The suspect could have accessed personal and financial information, but, “there’s no indication to suggest that that was the intent of the individual,” Ellis said.

Read more on Salt Lake Tribune.


Aug 132014

What St. Francis College in Brooklyn Heights, NY wrote to enrollees and applicants after a security incident:

On June 28, 2014, a St. Francis employee reported the loss of an external hard drive.

Compare that to what they told the New Hampshire Attorney General’s office in their cover letter:

On June 28, 2014, St. Francis was notified by one of its employees of an incident involving the personal information of St. Francis enrollees and applicants. The St. Francis employee was carrying a password-protected external hard drive in his briefcase while attending a social function. At some point that evening, the hard drive fell out of the briefcase and has not been recovered.

Gee, I can’t imagine why they didn’t tell all that to those whose personal information – including Social Security numbers – was on the lost drive.

The college is offering some free services through Kroll. They are also “implementing policies with respect to the handling of personal data in portable formats” and will begin encrypting personal data on all external hard drives and similar devices.

And if you’re wondering why they didn’t do these things before now, well, that’s a good question for which I don’t have a good answer.

The total number of applicants and enrollees for 2006-2011 (the timeframe for data on the drive) was not provided, but statistics on the college’s website indicates that it had 2,903 enrollees for the Fall term of 2013, so we’re possibly looking at over 15,000 people whose personal information – names, postal addresses, telephone numbers, and email addresses, and SSN – may have fallen into criminals’ hands.

Did I mention that the college is covered by FERPA? Will the U.S. Education Department do anything in response to this incident? I doubt it.