September Data Breaches Hit Kentucky and Florida

Eastern Kentucky University (EKU) in Richmond became the latest institution branded by a data breach when its IT team found a file containing sensitive data that could have been accessed through its public Web site. According to a FAQ posted on the university's Web site, the file contained the names and Social Security numbers and other information for 5,045 faculty, staff, and students on the institution's payroll during the 2007-2008 academic year.

The university said it has no knowledge that the personal information in the file was misused or exploited. Initially posted Sept. 29, 2008, the file was discovered nearly a year later, Sept. 18, 2009 when members of the IT staff performed a Google search.

As quoted in the campus' student newspaper, The Eastern Progress Online, Mona Isaacs, associate vice president of IT, said the file was found "by serendipity." "We were actually searching for something else when we found it," she said.

The file had been posted by a university staff member into a directory containing other public documents, according to the university, in violation of Eastern Kentucky's information security policies and guidelines. "It demonstrates that we must have heightened vigilance in this area," the university said in its FAQ. "EKU is undertaking an institution-wide data inventory initiative and conducting a full review to further improve our policies and practices regarding the security of our confidential data."

Although the file was removed immediately, the university said Google still had pointers to the file which could return "small snippets." Once Google confirmed removal of those pointers, individuals on the list were notified of the breach, five days after discovery. The university said no reports of identity theft have surfaced among those involved.

The university has designated two people in its human resources department to address personnel concerns about the breach and has set up an e-mail address, phone hotline, and Web page to provide additional information.

This incident falls on the heels of two other breaches surfacing in higher education during September.

On Sept. 1, some 100 students at Bluegrass Community and Technical College based in Lexington, KY received letters from the college saying that their names and Social Security numbers had been reported to the police as stolen. According to coverage by WKYT, a news program in the region, the letter contained few details, and school administrators would give no details about the theft, only confirming that it had taken place and that a police report had been filed.

Then the University of Florida in Gainesville reported a privacy breach Sept. 14 after the discovery of an unprotected file containing 34 names and 25 Social Security numbers on a computer in use at the campus. In a news release the university said it believed the personal information belonged to trainers working with the Florida Traffic and Bicycle Safety Education program in 2006. Earlier in the year, the university had informed 97,200 people that a hacker had broken into a legacy application and may have taken social security numbers of campus community members present and past.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • glowing AI brain composed of geometric lines and nodes, encased within a protective shield of circuit patterns

    NIST's U.S. AI Safety Institute Announces Research Collaboration with Anthropic and OpenAI

    The U.S. AI Safety Institute, part of the National Institute of Standards and Technology (NIST), has formalized agreements with AI companies Anthropic and OpenAI to collaborate on AI safety research, testing, and evaluation.

  • a glowing gaming controller, a digital tree structure, and an open book

    Report: Use of Game Engines Expands Beyond Gaming

    Game development technology is increasingly being utilized beyond its traditional gaming roots, according to the recently released annual "State of Game Development" report from development and DevOps solutions provider Perforce Software.

  • translucent lock composed of interconnected nodes and circuits at the center

    Cloud Security Alliance: Best Practices for Securing AI Systems

    The Cloud Security Alliance (CSA), a not-for-profit organization whose mission statement is defining and raising awareness of best practices to help ensure a secure cloud computing environment, has released a new report offering guidance on securing systems that leverage large language models (LLMs) to address business challenges.