Are you a college student in Colorado?  Are you a student at a community college?  Do you attend Arapahoe Community College?  If you do, you have a problem.  A rather large problem if you listen to the statements released by ACC about the data breach which affects over 15,000 students at the college.  A flash drive containing the personal information was stolen from the personal laptop of a contract worker for ACC while he was on vacation at the Copper Mountain Resort.  No information has been released about the individual’s name.

Not only is it a large number of students affected by the breach, but the extent of the data lost is troubling.  Names, addresses, social security numbers, and credit card numbers were all contained on the flash drive.  Thankfully the three digit code on the back of the credit cards was not stored on the file, although this is only of a slight comfort to the affected souls.  A letter was sent out to the 15,000 people on Monday which was a follow up to the email that was sent on Friday.  There has been no discussion of how long it was between the breach and when it people were notified.  Among the 15,000 affected people are not the students of the main campus, which is located in Littleton, Colorado.  Most students were from the Corporate Learning Division and the records include those who attended the university from 1997 to the present.

In a statement released by ACC President Bert Glandon, he apologized to all affected students.  He noted that the contractor was in violation of the college’s policy of not having personal information stored on portable devices.  Although there has been no word at the moment, it is likely that the contractor will be terminated.  Glandon also said that the college is working to review and upgrade all of its security policies so that this type of breach would not happen again.  No one has mentioned whether or not the flash drive was password protected or data encrypted, although the lack of this mention is not a good sign for the 15,000 people whose information was stored on the drive.

Arapahoe Community College is advising its students to place a fraud alert with the credit bureaus and to request a free copy of their credit reports.  While fraud alerts are easy to start, they are only free for a limited amount of time.  A much more secure option is to subscribe to an ID theft services.  A good company to use is Lifelock.  It monitors all three credit bureaus, Trans Union, Equifax, and Experian.  Whenever a new loan or credit card application is filed, Lifelock contacts its customer.  It checks whether or not the paperwork was actually filed by the person whose name appears on it.  If it is legitimate, the application continues to be processed.  However, if it is fraudulent, it is stopped before theft can take place.

Loyola University has slowly pulled itself out of the financial trouble it struggled through during the 1990s.  With increased revenue to create new construction on its campuses, the last thing that the university needed was any sort of negative attention in the media.  Unfortunately, this is the situation that they now find themselves in after creating a data breach of their own making.  In a way quite different from a lapse in network security or having private information stored on a flash drive, Loyola simply threw out a hard drive that had not been erased.  Contained on the hard drive were the names, addresses, and social security numbers of 5,800 students.

The desk top computer was scheduled to be destroyed and replaced with a newer model.  One of the steps in the decommissioning process was to copy the contents of the hard drive over to the new machine and then delete the information stored on the old one.  This, however, was not the case.  No one realized the error until after the desk top had been discarded.  There has been no word on whether or not the company that took the old machine destroyed it or not.  A spokeswoman for the university, Susan Malisch, said that there was little chance that any of the sensitive information was accessed by anyone else.

Nevertheless, Malisch recommended that students be vigilant in watching their credit reports.  She said that the university will provide a year’s worth of free credit monitoring.  These types of subscription based ID theft services have become popular in recent years, with Lifelock holding a large share of the market.  The company maintains contacts at Equifax, Trans Union, and Experian.  Whenever a new credit card or loan application is processed through a bureau, Lifelock contacts its customer to make sure that they are the one actually filing the paperwork.  If it the person is not involved, the application is stopped and noted as fraudulent activity.

Most of the 5,600 students were undergraduates, although there was information about a few graduate students also contained on the hard drive.  Letters were sent out to all affected students alerting them about the free credit monitoring services and other steps they should take to protect themselves.  Loyola has said that it will review all of its policies and procedures regarding electronic storage to make sure that future breaches of this type do not take place.  There is a discussion about whether or not an outside consulting company should be brought in to review the policies or if an internal audit will catch all the flaws in the current system.  The computer that was discarded was being used by the Information Technology Services Department when it was designated for replacement.

At first it was only college students who were hit hard by a lack of security. Now it has sunk down all the way to second graders. The youth have been impacted and might have to deal with the threat of identity theft for the rest of their life while those who just took the ACT and are beginning their college careers are also affected. Williamson County school board officials recently announced that a former school board official illegally posted a breach of student social security numbers, names, and addresses on the internet.

The person responsible for posting the information on the internet is former Student Assessment Director Chris Nugent. It appears that, without consent, he copied the information to a jump drive and then was using the information for a college project he was working on. Although he had no intention of posting the private data online, it was inadvertently uploaded while he was working on his project. Unfortunately, this breach went unnoticed for over a year. It was only discovered after a student was searching for information about themselves on the internet that the news of the breach spread.

In all, around 5,000 student had their social security numbers released, while another 10,000 students had their names and ACT scores posted online. The school superintendent, Rebecca Sharber, found out about the breach on June 26, but waited until July 9 before alerting the wider school community. She has explained this delay in notifying the affected parties as a way of making sure that she had all the facts straight before addressing the litany of questions she knew she would face from parents. While she might have been better prepared for the questions, she has also drawn fire from parents who think she waited too long before announcing the breach.

Other school board members were also upset about the delay. One parent noted that there was such inconsistency with the information provided by everyone. At one point it was 15% of all students in the district, then it was 3rd-8th graders and then it was finally the correct information about second graders and those who took the ACT last year. Some parents have expressed their concern about this incident haunting the lives of their kids for years to come and are worried with all the paperwork that now needs to be filed to take care of everything. One way that people can avoid this type of paranoia is to subscribe to ID theft services, such as Lifelock. These companies contact all three credit bureaus and alert their customers whenever a new application, such as a credit card or loan, is filed. Lifelock verifies that these are being opened by the real person and are not an attempt at identity theft.

Watch out students. No where seems to be safe on campus anymore. Not even the private offices of workers who handle the confidential data of many students. No wonder there is always such a flurry of signs reminding students at the end of the semester that they need to be mindful of their belongings, since people are stealing everything that isn’t bolted down to profit from at book sell back time. Even those things that are bolted down can walk away as was the case earlier in the month when a desktop computer was taken from an administrative office. There has been no word yet on which specific office was robbed or the exact material contained on the hard drive.

What is clear at this point is that over 6,200 students have been notified of the breach, although this was only made clear to the media through the outreach of the father of a student who was affected. It isn’t understood why the university did not approach the media and own up to its responsibility that its systems had been breached. Some have speculated that the East Tennessee State University is fearful that it will be found in violation of some of its safety and security policies. No word yet on how the university has responded to these accusations.

The breach not only affects current students, but also alumni. Unfortunately there hasn’t been any discussion about how far into the past the data goes, so there is no window of time that we can report to the public to let them know whether or not they should be concerned. The best thing to do is to keep an eye out for a letter from the university that deals with this case. Those seeking more information can contact the university’s Department of Safety.

The information contained on the desktop was encrypted and it met the standards that educational institutions are expected to have. At the same time, university officials have noted that there is a slight chance that the data could still be accessed, although there have been no reports of this happening. As the investigation continues, the university says that it will keep everyone posted and that it will assess its security settings to determine whether or not they need to be upgraded.

In the meantime, those affected are advised to contact one of the credit bureaus to place a fraud alert on their accounts. There are some ID theft subscription services, one being Lifelock, that provides continuous monitoring services. They contact all three credit bureaus, Equifax, Trans Union, and Experian and monitor for new loan and credit card applications. Whenever one of these applications appears, Lifelock contacts its customer to make sure that the application is legitimate and not some effort at identity theft.

It isn’t only laptop computers that seem to grow legs and walk away anymore. Even desktops have become a popular target for thieves looking for some easy money. Sure, more and more people are stealing catalytic converters and while it is a pain to have to spend $200-$1000 to get a new one it is a lot cheaper than having someone on the internet buy your identity for next to nothing and creating headaches for you for the rest of your life. Whether or not the person who stole the computer from the office at the Moore School of Business at the University of South Carolina had the intention of just a few easy bucks for a computer or identity theft, it isn’t clear at this point yet.

What is clear as the facts have been coming in is that over the Memorial Day weekend one of the offices at the Moore School was broken into and many items were stolen, including the desktop computer. The computer was the workstation of Deputy Dean Dr. Scott Koerwer. While there is no information at this point that any of the personal data on the computer was actually accessed, the university is taking a proactive stance and alerting the affected people. In total over 130 staff and faculty have been notified and 7,000 students need to keep an extra eye on their financial status. The faculty and staff is only currently employed, so if you had worked at the Moore School in the past, your data is not at risk. As for the student body, the 7,000 students were registered for classes in the business department in the last year, both undergraduates and graduate students.

The break-in is under investigation by the university’s department of public safety and there are currently no leads. This issues has raised the question of USC’s security policy for private information. Although no official would speak on the record, one person familiar with the security systems at the university said that files are encrypted and that procedures are set in place so that private data is contained only on stationary computers that remain on campus at all times. This is in an effort to prevent this type of breach from happening at the homes of individuals who deal with sensitive material. Students and faculty were sent a letter which advised them to keep an eye out for suspicious activities and steps that they should take to safeguard their finances.

One of the measures that is recommended is placing a fraud alert with one of the credit bureaus. Companies, like Lifelock, offer this type of ID theft subscription service. They alert all three credit bureaus and make sure that credit card and loan applications are actually being opened by the person named on the account. If anyone associated with the USC break-in has more questions, they are advised to contact the department of public safety.

Today, officials at the University of Nebraska at Kearny released a press release that informed current and former students of a data breach that took place last month on nine computers on campus. Although all the computers were affected were desktops, there are going to be an increase in the data regulations and security policies implemented on campus computing facilities. In all, over 2,000 people are now potential victims of identity theft.
According to the press release, the breach took place on June 8 and was noticed and responded to on June 9. No word on why the university took almost a month to alert its students and alumni of the breach, although the release did note that a thorough and complete investigation of the matter had taken place. After this investigation, the breach was traced back to individuals in the Republic of Slovenia. The departments affected by this intrusion include History, Biology, Psychology, Computer Science, Math, and Sociology. Two computers in History, Biology, and Psychology were affected, while only one computer was accessed in each of the other departments. Students impacted by this were either History advisees in 2002-2003, or deciding students in 2001-2002, or students enrolled in the Masters of Science in Biology program that takes place online.

At this point, there have been no reports of any illegal activities taking place from the data gathered illegally. Such information included social security numbers, names, addresses, and bank routing numbers. The release said that there is no indication that there was any effort to use the information for illicit purposes or if it was even stolen from the systems. One proposed possibility for the breach was to use the computer’s processing power to help spread spam to all computers on campus, although the validity behind this claim has yet to be proven. Letters to this affect and that spell out necessary actions to take are being sent out to the 2, 035 people involved in the breach.

The university has spelled out that this is the first breach of its kind to affected Kearny. Officials with the information systems and services department have assured the student body that they have numerous security features in place to prevent this type of intrusion, including firewalls and encryption services.

Those affected will only receive a letter. The university will not contact anyone by email or phone and individuals are advised to not give their social security number out to anyone inquiring for the information over the phone or online. Authorities suggest that students file fraud alerts with credit card companies and the credit bureaus. For those now familiar with how to go about these procedures, they can contact the FTC. There is also the possibility of subscribing to ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus and alerts consumers whenever a new credit card or loan application is filed, which helps stop identity theft before it starts.

Southeast Missouri State University is at the center of a crime that has roamed across two states and along the lines of connectivity into the internet.  William Elum was arrested in Atlanta earlier this week in connection with stolen data which he obtained while at SMSU.  While employed at the university, he was a hall director, which gave him access to the personal files of students residing in his dorm.

University officials were first alerted to the breach when two students reported their information was used in the course of credit fraud.  Thankfully, neither of the attempts was successful.  While there has been no word about other criminal activities, university officials advise students to be on the lookout for any inappropriate charges appearing on their credit reports.  While students are able to put a fraud alert on their account or a credit freeze, they are also able to purchase a subscription to an ID theft service.  One such company is Lifelock, which provides a similar service with all three credit bureaus.

Once the initial activity was reported, officials went through the old security logs to see if there were any other fraudulent incidences.  The review of the logs showed that reaching back to April of this year, there had been a number of attempts to use students’ personal data to enter the university’s computer system.  The userid and passwords of the students were compromised and the userid was the same as the social security number of the affected person.

Students were alerted of the breach, by letter, on Thursday of last week.  Although there was a delay of over two weeks between the recognition of the breach and the sending of the letter, university officials say this was a result of finding out which students had been affected.  There were problems with the file logs and some of the data had been corrupted, slowing down the entire notification process.

Elum had left SMSU in 2007 and spent the 2008 school year working at Georgia Tech.  There has been no word if GT will examine its own files to see if Elum committed any similar criminal activity.  The data breach was brought to the attention of authorities in Georgia, where it is a felony to be in possession of unauthorized personal data.  According to insider accounts, Elum is scheduled to appear before the Superior Court of Fulton County on June 30.

The breach occurred during a time when the university was creating a new userid system that did not use social security numbers.  At the time, Elum was able to download the information to his personal laptop.  No word has been released by university officials about security features they have made to their network to prevent the transference of private data to personal computers.

The scholastic and athletic fans at the University of Florida have one less thing to be excited about.  It seems that with all the money spent on a football team that recently won a national championship; someone forgot to create a new manual that reminded system administrators of what they’re not supposed to do.  This small oversight resulted in a data breach that exposed the personal data of over 11,000 students.  While some of the students are still in attendance, the majority of individuals have graduated and move on to areas outside of academia.

For those who are worried about the breach, the affected individuals come from a select number of people.  The majority of the people affected were involved with the Office for Academic Support and Institutional Service.  This office is also known as OASIS.  People who participated in this program between 2003 and 2005 and filled out the online application need to be on alert.  One might suspect that people who fall into this category may be some of the university’s athletic stars.  Although the university has said that the affected students or alumni have received a letter from the school with more details about the case.

There has been no word about how long the material was available to the public.  There has been an equally quiet front about how the breach was discovered and if the university took any delay before having the problem dealt with.  This reporter has checked the public database that the material used to be in and happily reports that the site has been closed and the private data removed.  Investigations will continue in to the matter to insure the safety of everyone’s personal identity.  It is also expected that the university will update its security systems and implement new policies to prevent breaches in the future.  Hopefully they do not take a page out of Columbia University’s (link) playbook, where two breaches have occurred in the last year.

While the university has made every effort to contact affected individuals, Florida officials say that there are over 500 people who cannot be reached.  This is through a failure of the university to maintain contact with some of its alumni and former students who do not keep in touch with their Alma Mater.  If you believe that you fall into the at risk category of online applicants through OASIS in the years listed above, contact the university as soon as possible.

In the meantime, representatives from Florida have not said how they plan to protect their alumni.  Some institutions provide free ID theft services when data breaches occur.  One of the companies that most corporations and schools deal with is Lifelock. While it is available to individuals, many larger institutions also use the service because they find that its policy of maintaining ties with all three credit bureaus is a wise approach.  Lifelock monitors personal credit reports and alerts consumers whenever a new loan or credit card application is taken out with their personal data.

It is not a good time to be a student at Columbia University.  This is a report about the second data breach that they’ve suffered in the last 12 months.  And it is the same type of problem.  All in all, the problem revolves around access to social security numbers.  For some reason, the university doesn’t seem to recognize the importance of keeping this data secure.  Perhaps the school’s administration hasn’t heard of the crime known as identity theft.  Maybe they have and just don’t care.

What has set the students into an uproar was the announcement that 5,000 of their social security numbers have been available on an online database that anyone could access.  Not only was the data on the web, but it was also in a searchable format, which leaves the door open for even more specifically malicious activities.  The topper though, if that is possible, is that the breach has been occurring for the last 16 months.  Over that time period, there is no figure for how many people have accessed the data.  There is also a lack of accountability among the network security administrators of the university.

Students were alerted in an email on Tuesday to bring the matter to their attention.  The university found out about the breach when an alumni contacted the school about the website.  Apparently a student in the housing department posted the material without realizing that it was unsecured.  Upon request, Google took down the website and the university believed that the threat had been contained.  Unfortunately, on Wednesday, students alerted university officials that the data for over 200 students was still available.  A petition has begun circulating around campus to show the discontentment of the student body with what appears to be an inept administration.  This is only emphasized when people think back to a similar problem that developed in April 2007 in the housing department.  Demands listed in the petition involve criminal investigations behind the people responsible for posting the private data online, in addition to a detailed description of how the university plans to increase their electronic security.

While university officials have sworn to not rest until this issue gets resolved and the security features of all Columbia systems updated, no one appears to be holding their breath.  The university has agreed to provide subscriptions to ID theft services for two years.  These companies, such as Lifelock, monitor all three credit bureaus for illicit activity.  For a nominal fee, that the university is picking up in this specific case, customers are alerted whenever a new loan is opened or a credit card application is filed.  These ID theft services are available on a personal basis too and not just for people involved in large sized data breaches.

School children need to perk up their ears and listen to their teachers. Some school boards need to follow a similar path. Yet again, a data breach has struck the educators of America. This time around, the guilty party resides somewhere in Dickson, Tennessee. Unfortunately, while the crime took place there, the ease of spreading personal information on the internet means that private material may already be spread around the globe.

Laptop computers do not just grow legs and walk away. With that said, theft is the only way to account for the disappearance of a Dickson County school official’s personal computer. In fact, the laptop was taken from the office of Johnny Chandler, the superintendent of the district. It contained the personal data of all employees of the school district between 2006 and 2007. In total, this breach puts around 850 people at risk. The material on the laptop contained addresses, license numbers, maiden names, and social security numbers. It also has tax information in addition to yearly wage data.

While police are still investigating the threat, there are some details of the case that are clear. Chandler just recently became superintendent of the district. The laptop was last accounted for on Friday. Authorities cannot find any signs of forced entry and are investigating the possibility that this was an inside job. Over the weekend, numerous people were in the building, including a cleaning crew, school staff members, and some students who were attending a retirement party. There is no motive to the crime at this point.

Chandler advises that everyone who was employed by the district keep an eye on their personal information. While a letter went out to inform people of the problem, some are not confident that their personal finances will remain unharmed. Some of these people are investing in an ID theft services. Subscriptions to such companies, such as Lifelock, allow members to have a peace of mind, knowing that their credit reports are being constantly monitored at all three bureaus. Unlike other companies, Lifelock recognized the importance of keeping an eye on credit at Equifax, TransUnion, and Experian, since some companies do not report to all three.

Chandler has vowed that a similar problem will never take place. New security procedures are being instituted for the district, including the policy that no personal information can be stored on laptops. Additionally, new security measures are in place at the district’s office, although specifics could not be obtained. The superintendent assured the media that the stolen laptop is covered by multiple encryption and security features. While there is optimism that the security will prevent any illegal access on the computer, people are advised to be vigilant. From now on, at the school district all laptops are to be locked up in a secure vault when they are not in use.