Information Security Bulletin Stolen Personal Information (September 2012)

advertisement
Information Security Bulletin
Issue #2012-07
Raising awareness of information security related issues and concerns.
Stolen Personal Information (September 2012)
There is a lot we can learn from other’s mistakes. If you are keeping electronic files (Word, Excel, Access,
etc) with personally identifiable information on your PC, laptop, tablet or any other device, please let us
know. To keep from being victimized by identity theft, practice due diligence by monitoring your credit
reports.
University of South Carolina
In the latest of six separate breaches, records from as far back as 2005 containing names, addresses and social security
numbers of 34,000 researchers, members of the staff, and students from the University of South Carolina’ Department
of Education have been compromised. Previous breaches included the accidental attachment of a file with PII to
1,000 students, hacking of the university post office database; unintential exposure of files continaing ssns, test scores
and grades, a stolen computer from the Moore School of Business, and an error that resulted in the exposure of information for faculty, staff, retirees and students. If you have worked for or attended University of South Carolina and
have reason to believe your information may be compromised, please contact them. To learn more about the latest
breach, http://www.thestate.com/2012/08/22/2408388/hacker-breach-might-affect-34000.html#.UDTlJKCDnTo
University of Rhode Island-College of Business Administration
Unencrypted files containing personal information for approximately 1,000 current and former faculty members, 26
former students, and 80 students from an out-of-state University were inappropriately loaded onto a server used by
faculty to upload and share information related to their courses. The files were publicly accessible from March, 2007
- July 2012. Although they have sent out letters, if you have reason to believe you might be affected, please contact
the school. http://www.uri.edu/datanotice/
Indianapolis-based Cancer Care Group
The July 19th theft of a employee’s notebook from his locked car compromised the patient names, addresses, dates of
birth, Social Security Numbers, medical record numbers, insurance information as well as clinical data about treatments for as many as 55,000 cancer patients. Also stored on the notebook was employee data. The files were not encrypted. If you or someone you know may be affected, please contact the Cancer Care Group. To read more, http://
www.scmagazine.com/data-of-55k-stolen-from-indianapolis-cancer-facility/article/256512/
Blizzard (World of Warcraft, Starcraft, Diablo III, etc.)
Since many of our employees enjoy online games such as World of Warcraft, Starcraft II and Diablo III, most will
be aware of this summer’s breach where Blizzard’s internal network was illegally accessed and answers to personal
security questions, authenticator data and cryptographically scrambled Battle.net passwords has been taken. If you
haven’t already done so, please be sure to change your Blizzard password immediately. If you used that same password or personal security question answers anywhere else on the web, be sure to update every instance to something
new. To read more, http://us.blizzard.com/en-us/securityupdate.html
Information Security Team:
Cheryl Bowman, Information Security Risk Advisor 831-6574 cbowman@epcc.edu
Richard Becker, Security Analyst 831-6411 rbecker3@epcc.edu
The El Paso County Community College District does not discriminate on the basis of race, color,
national origin, religion, gender, age, disability, veteran status, sexual orientation, or gender identity.
Download