Log in

Posts Tagged ‘University of Hawaii’

Univ. of Hawaii settles data breach lawsuit

January 29th, 2012

Companies cannot just get away with data breaches. They are answerable to customers and have to compensate. Customers generally file lawsuits when their demands are not met and where private data is stolen.

The following news report is making headlines

The University of Hawaii has agreed to provide two years of credit protection services to settle a class-action lawsuit that involved data breaches that took place between 2009 and 2011

Seal of the University of Hawai i System

UOH settles data breach lawsuit

wherein 100,000 students, faculty, alumni and staff between 2009 and 2011, officials and attorneys were involved. This was announced last Thursday.

Apparently the university has denied liability for the breaches. Its spokesperson said it will settle the case by providing two years of credit monitoring and credit restoration services to members who request it. According to the university spokesperson it will continue to “work diligently so that the chance of future data breaches is significantly reduced.”

Data breach details

There were five data breaches in all. It also included the one that took place in 2009 where Social Security numbers, grades and other personal data were posted online for almost a year before being removed from the website. According to University officials a faculty member uploaded files containing the information to an unprotected server, exposing the names, academic performance, disabilities and other information of more than 40,000 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001, by mistake.

Breaches also took place at the West Oahu campus, Kapiolani Community College and Honolulu Community College.

The University’s statement ”We are pleased to settle this case by providing two years of credit monitoring and credit restoration services to those class members who request it. The University continues to work diligently so that the chance of future data breaches is significantly reduced. Given the uncertainties and expense of litigation, the University believes this settlement is in the best interests of the University and its entire ‘ohana.”

The attorneys, Bruce Sherman and Thomas Grande who are representing the class, said

“We have researched more than forty (40) data breaches at colleges and universities across the country. In almost every instance, two years of credit monitoring and fraud restoration were offered to data breach victims,” said Bruce Sherman, one of the attorneys representing the class. “Offering two years of credit monitoring and fraud restoration services to breach victims should be the standard response by any breaching entity in Hawai’i, including government agencies,” Sherman noted.

“The settlement is significant for several reasons,” said Thomas Grande, who also represents the class. “This settlement is the first data breach settlement in Hawai’i and affects almost 100,000 persons,” Grande noted.

“Credit monitoring provides for continuous checking by a credit agency of a class member’s credit file. If there is suspicious activity, the class member is notified immediately and is given assistance to resolve the problem,” Sherman said.

“Credit monitoring services may cost as much as $5 to $15 per month if purchased individually. We are extremely pleased that the University has negotiated a settlement package that provides these services to every class member who wants them,” Grande said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Credit report monitoring data breach Honolulu Community College Information privacy Kapiolani Community College Manoa Personally identifiable information Social Security number University of Hawaii

Massive Data Breach at Hawaiian University

November 8th, 2010

: Image via Wikipedia

Educational universities have been struggling with their data security norms and have failed to keep the confidential students data secure. A new case which highlights this fact is the huge data breach incident at Hawaiian University, which in-fact is the 2nd time such a case has happened in the university for the 2nd time this year. At stake is the most sensitive personal information of the students and alumni.

The affected alumni who are being notified this week include those who attended UH’s Manoa campus from 1990 through 1998 and during 2001 and students who attended the UH West Oahu campus during the fall of 1994 or graduated between 1988 and 1993. The hackers had managed to penetrate the server at Manoa campus. The attack exposed the names, social security number, driving licenses and social security numbers of around 53,000 students, employees and faculty members.

This time around last year, a similar case had happened when the details of 4500 students were officially posted on the website of the school. These details included names, social security numbers etc.

On their side, University of Hawaii officials have mentioned that case was reported to the FBI & Honolulu Police Department. As a matter of precaution the un-secured server was also disconnected by the officials to prevent further losses. In addition all the impacted alumni have been sent email notices. Email notices were also sent last week to impacted alumni mentioning that the university “has no evidence that anyone’s personal information was accessed for malicious intent.”

According to the Titus of Liberty Coalition similar breaches have been discovered in other universities across the United States. The notable ones include personal information of over 250,000 individuals which was held by a Florida state employment office.

At the moment it is difficult to track the level of misuse of this information.

University spokeswoman Tina Shelton said, “The university system is NOT aware of any actual security breaches raised by the inadvertent exposure by the UH West Oahu professor.”

Naturally the students are disturbed by the security breach and graduate Paul Philpott is one of them. He is one of the alums whose personal information was exposed and has spoken to other friends and classmates as well.

Philpott said in an email, “None of us have given any authority to any person or institution to have our identities used, put on the Internet, or to be used in a study on us”. “For those affected that I have talked with, explanations and help should be immediate and detailed”.

The Titus of Liberty Coalition mentioned in a telephone interview. “It’s my impression that the University of Hawaii is a few years behind in its IT (information technology) security,”

He also added, “This could have been prevented if the university had a policy of scanning its IT system for records containing personal information like social security numbers,” he says, adding software programs and information technology experts are available to perform such searches.

All the potentially affected students can call (808) 956-6000 during weekday business hours or check the website at http://www.uhwo.hawaii.edu/idalert

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

University of Hawaii Data Breach

July 19th, 2010

: Image by Getty Images via @daylife

Following-up with our last post on Northwestern Iowa University data breach, another data breach incident has happened at the University of Hawaii in Manoa.

The computer security breach is believed to have impacted about 53,000 people causing exposure of their personal information which includes over 40,000 social security numbers and over 200 credit card numbers.Apparently the information was stored on on a computer server used by the Manoa campus Parking Office.

Breach Discovery

The damage was discovered during an audit exercise conducted on 15th June 2010. As per the officials the breach had happened on May 30, 2010. Once the breach was known, the sever was isolated from the rest of the network and an investigation was started which included notification of the Honolulu Police Department and the FBI. In addition, a forensic computer expert was hired to do further investigation.

About the data

As stated above, the database contained Social security numbers and credit card information. In addition, it also had records for faculty, staff, and students who were at the institution during 1998. Business information of people had engaged with the parking office such as purchasing parking permits or having a car towed was also exposed.

The Impact of the Breach

So far there is no evidence that the personal information inside the server has either been used or accessed. However, the people who have been potentially affected will be monitoring their their financial information and taking measures against identity theft. They have been encouraged to obtain credit reports and review credit and bank information statements regularly for any unusual or suspicious activities. A helpline has been setup by the university to answer questions via the phone and through email. The telephone hotline is at #956-6000 and email is at www.hawaii.edu/idalert/.

What the University Says

The university has issued a press release which says, “To protect personal information from further unauthorized access, Social Security numbers are no longer used for parking transactions and are being purged from all current and historic Parking Office databases,” the university said in a news release. “Additional security measures that are being taken include strengthening internal automated network monitoring practices, and performing extensive evaluations of systems to identify other potential security risks”.

The university spokesman Gregg Takayama said, “A computer hacker introduced a virus into a UH Manoa computer server containing parking office information and this enabled access to data on about 53,000 people”. “As part of our investigation we do know that a computer site in China was involved but that doesn’t necessarily mean that the hacker originated in China,” said Takayama.

What should affected individuals know and do?

Khon2.com has published a detailed set of FAQs which addresses most of the queries related to this incident. One of the queries also provides tips for affected individuals:

Carefully monitor your financial information and take protective measures against identity theft, which include:

Obtaining and carefully reviewing credit reports. Free credit reports from all three credit agencies may be obtained by calling 877-322-8228.
Reviewing bank and credit card statements regularly, and looking for unusual or suspicious activities.
Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.

Are you suffering from the breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.