Dec 132014
 

The  University of California -Berkeley is notifying individuals of a recent data breach in the Real Estate Division.

Although there is no evidence that any unauthorized individual actually acquired and used personal information, the breach involved unauthorized access to servers used to support a number of Real Estate programs and work stations, specifically those in the units formerly known as Capital Projects and Physical Plant-Campus Services.

In a letter to those affected signed by Grace Crvarich, Chief Operating Officer UC Berkeley, Division of Real Estate, she notes that some of the servers or workstations stored individual files that included some personal information, including names along with social security numbers, credit card numbers and driver’s license numbers.

The servers were reportedly breached in mid- to late September and were shut down as soon as investigations indicated they were compromised.  The breach was discovered September 26, 2014, and in subsequent weeks, the university, with the assistance of a consultant data security firm, reviewed the data stored on the servers to identify any personally identifying information and identify and locate all the individuals affected. That identification process only concluded this week.

Those notified were offered a free year of credit monitoring and identity restoration services with ID Experts.

A template of the notification letter has been uploaded to the web site of the California Attorney General’s Office.

 

Dec 132014
 

Seacoastonline.com reports:

Exeter resident Lee Ann Cammett, of Dogtown Road, has been formally indicted on charges of Computer-Related Offenses.

According to her indictment, Cammett “knowingly and without authorization” accessed as well as altered or tampered with student records using the PowerSchool computer network which is used by Exeter High School.

Read more on Seacoastonline.com.

Dec 112014
 

Scott Dance reports:

Nearly a year after a massive data breach at the University of Maryland, state auditors say the campus network is still vulnerable to hackers — in part because gaps they identified five years ago remain.

While patching those holes would not have prevented the breach, auditors and university officials said Wednesday, some of the network still lacks proper firewalls or systems to detect intruders or malware.

Thomas Barnickel, an auditor with the state Office of Legislative Audits, said the findings suggest broader issues regarding the network’s protection.

Read more on The Baltimore Sun.

Related:
University System of Maryland University of Maryland, College Park Division of Information Technology (Audit Report, December 4) (pdf)

Dec 082014
 

NewsOK reports:

The University of Oklahoma Health Sciences Center announced Monday that a College of Nursing Web server was compromised.

University personnel discovered the security breach Oct. 20, according to a news release. While working to recover the system on Nov. 3, they learned the compromise could have enabled unauthorized access to sensitive data.

University officials have not found evidence of any unauthorized access to data.

Personally identifiable information about students who applied to or attended the College of Nursing from 2005 to the present was vulnerable to unauthorized access. The data included identifiers such as name, address, date of birth and, for some applicants and students, Social Security numbers.

Read more on NewsOK.

Update: The uni’s media notice:

Monday, December 8, 2014

The University of Oklahoma Health Sciences Center announced today that on Oct. 20, 2014, University personnel discovered that a College of Nursing web server had been compromised. While working to recover the system on Nov. 3, 2014, personnel learned that the compromise could have enabled unauthorized access to sensitive data. The University has not found evidence of any unauthorized access to this data.

Personally identifiable information about students who applied to or attended the College of Nursing from 2005 to the present was vulnerable to unauthorized access. The data included identifiers such as name, address, date of birth and, for some applicants and students, Social Security numbers.

Out of an abundance of caution, the College of Nursing is offering a paid one-year subscription to identity theft protection services to those applicants and students whose Social Security numbers may have been accessed. Current students will receive instructions from the College regarding how to access the services.  Former students and applicants may contact the College at (405) 271-2478 or by completing this survey for more information.

The University takes seriously its obligation to protect its students’ information. In response to this incident, the compromised system was taken offline, and the web site was transitioned to a new system with additional access restrictions in place. OU officials have notified law enforcement of this incident and will cooperate with any resulting investigation.

Dec 072014
 

KRDO reports:

Pueblo City School District 60 is increasing security after a student found a way to access other students’ accounts.

The Pueblo Chieftain reports that a student demonstrated how simple it was to access other students’ accounts since the username and password are almost identical on Infinite Campus, the program students use that has grades, attendance records, missing assignments, class schedules, immunization records, grade-point averages, home addresses, telephone numbers, names of family members, and assessment scores.

Read more on KRDO.

Related: Password changes on tap (Pueblo Chieftain)

Nov 222014
 

Ovetta Wiggins reports:

The Prince George’s County Public School System notified employees on Friday evening of a possible security breach involving employees’ personal data.

[…]

Davis said a report that contained employees’ social security numbers, birth dates and employee identification numbers was emailed outside of the school system. A spokeswoman for the system said the outside addresses to which the material was sent were the personal addresses of school staff members.

Read more on Washington Post.