At first it was only college students who were hit hard by a lack of security. Now it has sunk down all the way to second graders. The youth have been impacted and might have to deal with the threat of identity theft for the rest of their life while those who just took the ACT and are beginning their college careers are also affected. Williamson County school board officials recently announced that a former school board official illegally posted a breach of student social security numbers, names, and addresses on the internet.

The person responsible for posting the information on the internet is former Student Assessment Director Chris Nugent. It appears that, without consent, he copied the information to a jump drive and then was using the information for a college project he was working on. Although he had no intention of posting the private data online, it was inadvertently uploaded while he was working on his project. Unfortunately, this breach went unnoticed for over a year. It was only discovered after a student was searching for information about themselves on the internet that the news of the breach spread.

In all, around 5,000 student had their social security numbers released, while another 10,000 students had their names and ACT scores posted online. The school superintendent, Rebecca Sharber, found out about the breach on June 26, but waited until July 9 before alerting the wider school community. She has explained this delay in notifying the affected parties as a way of making sure that she had all the facts straight before addressing the litany of questions she knew she would face from parents. While she might have been better prepared for the questions, she has also drawn fire from parents who think she waited too long before announcing the breach.

Other school board members were also upset about the delay. One parent noted that there was such inconsistency with the information provided by everyone. At one point it was 15% of all students in the district, then it was 3rd-8th graders and then it was finally the correct information about second graders and those who took the ACT last year. Some parents have expressed their concern about this incident haunting the lives of their kids for years to come and are worried with all the paperwork that now needs to be filed to take care of everything. One way that people can avoid this type of paranoia is to subscribe to ID theft services, such as Lifelock. These companies contact all three credit bureaus and alert their customers whenever a new application, such as a credit card or loan, is filed. Lifelock verifies that these are being opened by the real person and are not an attempt at identity theft.

Watch out students. No where seems to be safe on campus anymore. Not even the private offices of workers who handle the confidential data of many students. No wonder there is always such a flurry of signs reminding students at the end of the semester that they need to be mindful of their belongings, since people are stealing everything that isn’t bolted down to profit from at book sell back time. Even those things that are bolted down can walk away as was the case earlier in the month when a desktop computer was taken from an administrative office. There has been no word yet on which specific office was robbed or the exact material contained on the hard drive.

What is clear at this point is that over 6,200 students have been notified of the breach, although this was only made clear to the media through the outreach of the father of a student who was affected. It isn’t understood why the university did not approach the media and own up to its responsibility that its systems had been breached. Some have speculated that the East Tennessee State University is fearful that it will be found in violation of some of its safety and security policies. No word yet on how the university has responded to these accusations.

The breach not only affects current students, but also alumni. Unfortunately there hasn’t been any discussion about how far into the past the data goes, so there is no window of time that we can report to the public to let them know whether or not they should be concerned. The best thing to do is to keep an eye out for a letter from the university that deals with this case. Those seeking more information can contact the university’s Department of Safety.

The information contained on the desktop was encrypted and it met the standards that educational institutions are expected to have. At the same time, university officials have noted that there is a slight chance that the data could still be accessed, although there have been no reports of this happening. As the investigation continues, the university says that it will keep everyone posted and that it will assess its security settings to determine whether or not they need to be upgraded.

In the meantime, those affected are advised to contact one of the credit bureaus to place a fraud alert on their accounts. There are some ID theft subscription services, one being Lifelock, that provides continuous monitoring services. They contact all three credit bureaus, Equifax, Trans Union, and Experian and monitor for new loan and credit card applications. Whenever one of these applications appears, Lifelock contacts its customer to make sure that the application is legitimate and not some effort at identity theft.

It isn’t only laptop computers that seem to grow legs and walk away anymore. Even desktops have become a popular target for thieves looking for some easy money. Sure, more and more people are stealing catalytic converters and while it is a pain to have to spend $200-$1000 to get a new one it is a lot cheaper than having someone on the internet buy your identity for next to nothing and creating headaches for you for the rest of your life. Whether or not the person who stole the computer from the office at the Moore School of Business at the University of South Carolina had the intention of just a few easy bucks for a computer or identity theft, it isn’t clear at this point yet.

What is clear as the facts have been coming in is that over the Memorial Day weekend one of the offices at the Moore School was broken into and many items were stolen, including the desktop computer. The computer was the workstation of Deputy Dean Dr. Scott Koerwer. While there is no information at this point that any of the personal data on the computer was actually accessed, the university is taking a proactive stance and alerting the affected people. In total over 130 staff and faculty have been notified and 7,000 students need to keep an extra eye on their financial status. The faculty and staff is only currently employed, so if you had worked at the Moore School in the past, your data is not at risk. As for the student body, the 7,000 students were registered for classes in the business department in the last year, both undergraduates and graduate students.

The break-in is under investigation by the university’s department of public safety and there are currently no leads. This issues has raised the question of USC’s security policy for private information. Although no official would speak on the record, one person familiar with the security systems at the university said that files are encrypted and that procedures are set in place so that private data is contained only on stationary computers that remain on campus at all times. This is in an effort to prevent this type of breach from happening at the homes of individuals who deal with sensitive material. Students and faculty were sent a letter which advised them to keep an eye out for suspicious activities and steps that they should take to safeguard their finances.

One of the measures that is recommended is placing a fraud alert with one of the credit bureaus. Companies, like Lifelock, offer this type of ID theft subscription service. They alert all three credit bureaus and make sure that credit card and loan applications are actually being opened by the person named on the account. If anyone associated with the USC break-in has more questions, they are advised to contact the department of public safety.

Today, officials at the University of Nebraska at Kearny released a press release that informed current and former students of a data breach that took place last month on nine computers on campus. Although all the computers were affected were desktops, there are going to be an increase in the data regulations and security policies implemented on campus computing facilities. In all, over 2,000 people are now potential victims of identity theft.
According to the press release, the breach took place on June 8 and was noticed and responded to on June 9. No word on why the university took almost a month to alert its students and alumni of the breach, although the release did note that a thorough and complete investigation of the matter had taken place. After this investigation, the breach was traced back to individuals in the Republic of Slovenia. The departments affected by this intrusion include History, Biology, Psychology, Computer Science, Math, and Sociology. Two computers in History, Biology, and Psychology were affected, while only one computer was accessed in each of the other departments. Students impacted by this were either History advisees in 2002-2003, or deciding students in 2001-2002, or students enrolled in the Masters of Science in Biology program that takes place online.

At this point, there have been no reports of any illegal activities taking place from the data gathered illegally. Such information included social security numbers, names, addresses, and bank routing numbers. The release said that there is no indication that there was any effort to use the information for illicit purposes or if it was even stolen from the systems. One proposed possibility for the breach was to use the computer’s processing power to help spread spam to all computers on campus, although the validity behind this claim has yet to be proven. Letters to this affect and that spell out necessary actions to take are being sent out to the 2, 035 people involved in the breach.

The university has spelled out that this is the first breach of its kind to affected Kearny. Officials with the information systems and services department have assured the student body that they have numerous security features in place to prevent this type of intrusion, including firewalls and encryption services.

Those affected will only receive a letter. The university will not contact anyone by email or phone and individuals are advised to not give their social security number out to anyone inquiring for the information over the phone or online. Authorities suggest that students file fraud alerts with credit card companies and the credit bureaus. For those now familiar with how to go about these procedures, they can contact the FTC. There is also the possibility of subscribing to ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus and alerts consumers whenever a new credit card or loan application is filed, which helps stop identity theft before it starts.

Southeast Missouri State University is at the center of a crime that has roamed across two states and along the lines of connectivity into the internet.  William Elum was arrested in Atlanta earlier this week in connection with stolen data which he obtained while at SMSU.  While employed at the university, he was a hall director, which gave him access to the personal files of students residing in his dorm.

University officials were first alerted to the breach when two students reported their information was used in the course of credit fraud.  Thankfully, neither of the attempts was successful.  While there has been no word about other criminal activities, university officials advise students to be on the lookout for any inappropriate charges appearing on their credit reports.  While students are able to put a fraud alert on their account or a credit freeze, they are also able to purchase a subscription to an ID theft service.  One such company is Lifelock, which provides a similar service with all three credit bureaus.

Once the initial activity was reported, officials went through the old security logs to see if there were any other fraudulent incidences.  The review of the logs showed that reaching back to April of this year, there had been a number of attempts to use students’ personal data to enter the university’s computer system.  The userid and passwords of the students were compromised and the userid was the same as the social security number of the affected person.

Students were alerted of the breach, by letter, on Thursday of last week.  Although there was a delay of over two weeks between the recognition of the breach and the sending of the letter, university officials say this was a result of finding out which students had been affected.  There were problems with the file logs and some of the data had been corrupted, slowing down the entire notification process.

Elum had left SMSU in 2007 and spent the 2008 school year working at Georgia Tech.  There has been no word if GT will examine its own files to see if Elum committed any similar criminal activity.  The data breach was brought to the attention of authorities in Georgia, where it is a felony to be in possession of unauthorized personal data.  According to insider accounts, Elum is scheduled to appear before the Superior Court of Fulton County on June 30.

The breach occurred during a time when the university was creating a new userid system that did not use social security numbers.  At the time, Elum was able to download the information to his personal laptop.  No word has been released by university officials about security features they have made to their network to prevent the transference of private data to personal computers.

The scholastic and athletic fans at the University of Florida have one less thing to be excited about.  It seems that with all the money spent on a football team that recently won a national championship; someone forgot to create a new manual that reminded system administrators of what they’re not supposed to do.  This small oversight resulted in a data breach that exposed the personal data of over 11,000 students.  While some of the students are still in attendance, the majority of individuals have graduated and move on to areas outside of academia.

For those who are worried about the breach, the affected individuals come from a select number of people.  The majority of the people affected were involved with the Office for Academic Support and Institutional Service.  This office is also known as OASIS.  People who participated in this program between 2003 and 2005 and filled out the online application need to be on alert.  One might suspect that people who fall into this category may be some of the university’s athletic stars.  Although the university has said that the affected students or alumni have received a letter from the school with more details about the case.

There has been no word about how long the material was available to the public.  There has been an equally quiet front about how the breach was discovered and if the university took any delay before having the problem dealt with.  This reporter has checked the public database that the material used to be in and happily reports that the site has been closed and the private data removed.  Investigations will continue in to the matter to insure the safety of everyone’s personal identity.  It is also expected that the university will update its security systems and implement new policies to prevent breaches in the future.  Hopefully they do not take a page out of Columbia University’s (link) playbook, where two breaches have occurred in the last year.

While the university has made every effort to contact affected individuals, Florida officials say that there are over 500 people who cannot be reached.  This is through a failure of the university to maintain contact with some of its alumni and former students who do not keep in touch with their Alma Mater.  If you believe that you fall into the at risk category of online applicants through OASIS in the years listed above, contact the university as soon as possible.

In the meantime, representatives from Florida have not said how they plan to protect their alumni.  Some institutions provide free ID theft services when data breaches occur.  One of the companies that most corporations and schools deal with is Lifelock. While it is available to individuals, many larger institutions also use the service because they find that its policy of maintaining ties with all three credit bureaus is a wise approach.  Lifelock monitors personal credit reports and alerts consumers whenever a new loan or credit card application is taken out with their personal data.

It is not a good time to be a student at Columbia University.  This is a report about the second data breach that they’ve suffered in the last 12 months.  And it is the same type of problem.  All in all, the problem revolves around access to social security numbers.  For some reason, the university doesn’t seem to recognize the importance of keeping this data secure.  Perhaps the school’s administration hasn’t heard of the crime known as identity theft.  Maybe they have and just don’t care.

What has set the students into an uproar was the announcement that 5,000 of their social security numbers have been available on an online database that anyone could access.  Not only was the data on the web, but it was also in a searchable format, which leaves the door open for even more specifically malicious activities.  The topper though, if that is possible, is that the breach has been occurring for the last 16 months.  Over that time period, there is no figure for how many people have accessed the data.  There is also a lack of accountability among the network security administrators of the university.

Students were alerted in an email on Tuesday to bring the matter to their attention.  The university found out about the breach when an alumni contacted the school about the website.  Apparently a student in the housing department posted the material without realizing that it was unsecured.  Upon request, Google took down the website and the university believed that the threat had been contained.  Unfortunately, on Wednesday, students alerted university officials that the data for over 200 students was still available.  A petition has begun circulating around campus to show the discontentment of the student body with what appears to be an inept administration.  This is only emphasized when people think back to a similar problem that developed in April 2007 in the housing department.  Demands listed in the petition involve criminal investigations behind the people responsible for posting the private data online, in addition to a detailed description of how the university plans to increase their electronic security.

While university officials have sworn to not rest until this issue gets resolved and the security features of all Columbia systems updated, no one appears to be holding their breath.  The university has agreed to provide subscriptions to ID theft services for two years.  These companies, such as Lifelock, monitor all three credit bureaus for illicit activity.  For a nominal fee, that the university is picking up in this specific case, customers are alerted whenever a new loan is opened or a credit card application is filed.  These ID theft services are available on a personal basis too and not just for people involved in large sized data breaches.

School children need to perk up their ears and listen to their teachers. Some school boards need to follow a similar path. Yet again, a data breach has struck the educators of America. This time around, the guilty party resides somewhere in Dickson, Tennessee. Unfortunately, while the crime took place there, the ease of spreading personal information on the internet means that private material may already be spread around the globe.

Laptop computers do not just grow legs and walk away. With that said, theft is the only way to account for the disappearance of a Dickson County school official’s personal computer. In fact, the laptop was taken from the office of Johnny Chandler, the superintendent of the district. It contained the personal data of all employees of the school district between 2006 and 2007. In total, this breach puts around 850 people at risk. The material on the laptop contained addresses, license numbers, maiden names, and social security numbers. It also has tax information in addition to yearly wage data.

While police are still investigating the threat, there are some details of the case that are clear. Chandler just recently became superintendent of the district. The laptop was last accounted for on Friday. Authorities cannot find any signs of forced entry and are investigating the possibility that this was an inside job. Over the weekend, numerous people were in the building, including a cleaning crew, school staff members, and some students who were attending a retirement party. There is no motive to the crime at this point.

Chandler advises that everyone who was employed by the district keep an eye on their personal information. While a letter went out to inform people of the problem, some are not confident that their personal finances will remain unharmed. Some of these people are investing in an ID theft services. Subscriptions to such companies, such as Lifelock, allow members to have a peace of mind, knowing that their credit reports are being constantly monitored at all three bureaus. Unlike other companies, Lifelock recognized the importance of keeping an eye on credit at Equifax, TransUnion, and Experian, since some companies do not report to all three.

Chandler has vowed that a similar problem will never take place. New security procedures are being instituted for the district, including the policy that no personal information can be stored on laptops. Additionally, new security measures are in place at the district’s office, although specifics could not be obtained. The superintendent assured the media that the stolen laptop is covered by multiple encryption and security features. While there is optimism that the security will prevent any illegal access on the computer, people are advised to be vigilant. From now on, at the school district all laptops are to be locked up in a secure vault when they are not in use.

It seems that no one can catch a break anymore. Instead of students bringing an apple for the teacher everyday, they might want to pool their money and get their instructor some sort of identity theft service. Yet another school district in the United States has fallen prey to the wide-spread crime of data theft. Of course, like most unfortunate turn of events, the data breach impacted hard working educators and staff. This breach occurred on the east coast, in the Harrisonburg City Schools of Virginia.

At this point, the information regarding the data breach is extremely unclear. The investigation has only recently begun and there are no suspects yet named. The breach occurred through the theft of a laptop by a consultant for BB&T Insurance. BB&T provides dental coverage for the school district’s staff and faculty. The laptop was stolen out of the car of the contractor while he was in Ohio working on another client’s case. No word on why the consultant had the personal material on his private laptop. The material stolen contained limited medical records, addresses, names, and social security numbers. Authorities report that this is more than enough material to successfully steal someone’s identity.

In an effort to calm fear about the possibility of the data breach, a spokesman for BB&T assured the media that there are numerous security settings on the laptop to prevent it from being illegally accessed. He would not go in to more detail, saying only that “there are multiple levels of encryption and security which we believe will deter any criminal elements from accessing private files.” The spokesman was also reluctant to announce when the breach was first reported, since the school district was only notified in the middle of May. Once again, the spokesman told the media that he could not share any more details about the ongoing investigation, except that more details would be made clear in a press release.

At this time, there is no estimate about the number of individuals who might be affected by this breach. Mike Loso, assistant superintendent for the school district, said that an email was being sent out to the entire district to let people know about the potential risk to their personal data. A.C. MacGraw, the spokesman for BB&T said that the company plans to contact the affected individuals directly, once a number has been determined. The insurance company will offer its customers a subscription in Equifax’s Credit Watch until the threat has passed.

While a subscription to the Credit Watch is a good first step, it does not cover victims as well as other ID theft services, such as Lifelock. While Equifax monitors the credit reports of a client as seen by their system, there are still two other credit bureaus which are not included in the Credit Watch. Lifelock provides a system that monitors all three bureaus and alerts people if someone attempts to open a new credit card account or take out a loan in that person’s name.

One of the oldest institutions of higher education in the United States recently suffered from one of the newest and pervasive forms of crime. Officials reported in mid-February that someone had gained access to private and highly sensitive information off of one of the Harvard University servers. The server also contained personal information about a number of applicants and current students, although this material was believed safe until further investigations showed the data breach was wider than originally believed.

Initially, statements from Harvard noted that the servers contained personal data, but that it has not been compromised. As time went on, however, authorities came forward with the troubling news that numerous students were now at risk for identity theft. In total, over 10,000 personal records were accessed and out of this 10,000, there were over 6,500 social security numbers taken. The university also reported that Harvard Student ID numbers were also taken, although these do not pose the same security risk as do the social security numbers.

The breach occurred on the university’s Graduate School of Arts and Sciences’ server, although no one has been indicated as a suspect in the crime. There has also been no indication of how long the data breach was taking place before system authorities were notified and shut down access to the server. This is just one in a long string of data breaches that have hit the collegiate education system in the United States. However, Harvard has shown itself to be one of the best responding universities.

CIO Daniel Moriarty reported to the media that, although there was some initial hope that the student data was safe, it was his unfortunate duty to report that these hopes were no longer valid. The university has assured students that it will do everything in its power to help combat any instances of identity theft that might result from this breach. One of the most basic steps the university is taking is “notifying the individuals who have been impacted and lining up the [identity theft] services for those individuals.” Similar services have been available at other institutions, although there has been a greater lag time between the data breach and the purchase of the ID theft services.

Although used by students, one of the services available to anyone concerned with protecting their identity is Lifelock. The company provides credit monitoring through all three bureaus and alerts the subscriber before any loan applications or credit cards are opened in their account. For a minimal monthly fee, subscribers have reported having a better piece of mind and more confidence that their identity will remain secure.

*In an alarming piece of news, Harvard University students affected by the data breach in February have more to worry about. In mid-March investigators found that personal data from the university server had been posted on the peer-to-peer file transfer system known as BitTorent. This has effectively spread the social security number and private data to millions of individuals.