Date Made School/CoSchool or City State Type of b Public or Total Rec 1/20/2016 Anna MariaCollege/UniPaxton Massachuse DISC Private 1,161 1/31/2017 Babson ColCollege/UniWellesley Massachuse HACK Private 0 2/21/2017 Bentley UniCollege/UniWaltham Massachuse HACK Private 0 11/3/2005 Boston Col College/UniBoston Massachuse HACK Private 120,000 2/24/2020 Boston Col School Boston Massachuse HACK Public 0 10/7/2015 Boston Univ College/UniBoston Massachuse HACK Private 828 4/11/2015 Boston Univ College/UniBoston Massachuse HACK Private 0 ### Brandels Un College/UniWaltham Massachuse PORT Private 0 7/6/2016 CambridgeCollege/Uni I Boston Massachuse DISC Private 9000 7/20/2018 Clark UniveCollege/UniWorcester Massachuse HACK Private 0 10/20/2011College of College/UniWorcester Massachuse UNKN Private 493 10/23/2017College of College/UniWorcester Massachuse DISC Private 0 5/21/2015 Diman Regio School Fall River Massachuse DISC Public 0 1/15/2017 Dracut PublSchool Dracut Massachuse HACK Public 0 10/24/2019Endicott CoCollege/UniBeverly Massachuse HACK Private 0 10/4/2015 Fitchburg SCollege/UniFitchburg Massachuse DISC Public 393 2/21/2017 Harvard CoCollege/UniCambridgeMassachuse DISC Private 1400000 12/3/2008 Harvard Uni College/UniCambridgeMassachuse HACK Private 6,600 3/3/2005 Harvard Uni College/UniCambridgeMassachuse HACK Private 200 11/14/2007Harvard Uni College/UniCambridgeMassachuse PHYS Private 56 8/1/2008 Harvard Uni College/UniCambridgeMassachuse INSD Private 0 1/9/2011 Harvard Uni College/UniCambridgeMassachuse DISC Private 0 8/10/2012 Harvard Uni College/UniCambridgeMassachuse HACK Private 0 2/7/2015 Harvard Uni College/UniCambridgeMassachuse HACK Private 0 3/20/2008 Lasell Coll College/UniNewton Massachuse HACK Private 20,000 1/24/2016 Lawrence PSchool Lawrence Massachuse HACK Public 0 2/16/2008 Malden SchSchool Malden Massachuse PORT Public 233 11/23/2011MassBay Co College/UniWellesley Massachuse DISC Public 0 10/29/2007New EnglanCollege/UniBoston Massachuse DISC Private 5098 2/10/2007 Pembroke SSchool Pembroke Massachuse DISC Public 0 1/7/2017 Rising TideSchool Plymouth Massachuse HACK Public 272 10/4/2015 Roxbury CoCollege/UniBoston Massachuse UNKN Public 0 3/16/2013 Salem State College/UniSalem Massachuse HACK Public 25,000 2/14/2008 SpringfieldSchool SpringfieldMassachuse PORT Public 38 7/16/2013 Suffolk UniCollege/UniBoston Massachuse HACK Private 0 11/4/2005 Tufts UniveCollege/UniMedford Massachuse HACK Private 106,000 5/21/2010 Tufts UniveCollege/UniMedford Massachuse HACK Private 2,000 7/31/2011 Tufts UniveCollege/UniMedford Massachuse PORT Private 73 8/21/2009 University College/UniAmherst Massachuse HACK Public 0 10/3/2011 University College/UniAmherst Massachuse HACK Public 0 1/30/2008 University College/UniDartmouthMassachuse DISC Public 32 1/24/2011 WentworthCollege/Uni I Boston Massachuse DISC Private 1300 2/19/2019 Wenworth In College/UniBoston Massachuse HACK Private 3926 10/30/2009Williams CoCollege/UniWilliamsto Massachuse PORT Private 750 Informati Year of B Description of incident ITRC 2015 An employee intended to send an email to a student with the student's finan ITRC 2017 Phishing scam. ITRC 2017 Phishing scam. Dataloss D 2005 A hacker gained access to a phone banking database that included alumni ad ITRC 2019 Phishing email. ITRC 2015 In May 2015, a member of the staff of Boston University's Information System ITRC 2015 I am writing to inform you of a data security incident at Boston University rela ITRC 2015 Two Apple laptops containing academic and personal information for all stude ITRC 2016 The MacKeeper Security Research center experts have discovered and helped ITRC 2018 Phishing attack. Databreach 2011 Seven Holy Cross employees fell for phishing attempts.  The employees had ITRC 2017 On September 22nd, 2017, a Col!ege employee accidentally cross-mailed pro ITRC 2015 Diman Regional Vocational Technical High School ("Diman") is writing to prov ITRC 2017 Employees of Dracut Public Schools in Massachusetts weren’t as fortunate as ITRC 2019 Suspicious email activity from an email account belonging to a third-party ed ITRC 2015 A student notified the school that they were able to see and download an Exc ITRC 2017 More than 1.4 million emails were open to the public. Dataloss D 2008 Harvard Graduate School of Arts and Sciences (GSAS) Web server may have ITRC 2005 Intruder gains access to admission systems at Harvard, Stanford and other to Dataloss D 2007 Folders containing information about students from the University's Division o ITRC 2008 Harvard University police and the Middlesex district attorney's office are inve Databreach 2011 Harvard's switch to Google "@college" email accounts resulted in the potenti Databreach 2012 A hacking group called Team GhostShell targeted universities around the wor Media 2015 "Last month Harvard University uncovered "an intrusion" on its computer net Dataloss D 2008 A hacker accessed data containing personal information on current and forme ITRC 2016 Hackers breached Lawrence Public Schools’ online database, acquiring teach ITRC 2008 A hard drive containing the names and Social Security numbers of more than Databreach 2011 A glitch allowed nearly 400 workers from 2002 to 2011 to view the personal i ITRC 2007 In mid-October, the New England School of Law was alerted that personal inf ITRC 2007 Anyone who worked for or volunteer for the Pembroke schools in the last four ITRC 2017 On February 13, 2017, we discovered that cyber attackers may have gained u ITRC 2015 The attorney general’s office is investigating a data breach at Roxbury Comm Media 2013 A server was found to be infected with a virus.  The University computer con ITRC 2008 The Springfield Police Department is investigating the theft of three laptop co ITRC 2013 Suffolk University was recently contacted about a potential breach of persona Dataloss D 2005 The University's donor database was breached sometime in late 2004.  The Databreach 2010 Campus computers with former student files were exposed to a virus.  Over ITRC 2011 A research associate's laptop was stolen during the course of research with a Dataloss D 2009 Nearly a year ago, hackers broke into a computer server that contained Socia PHIPrivacy. 2011 A workstation at the campus University Health Services (UHS) was infected w Dataloss D 2008 A privacy organization discovered the names, grades, GPAs and partial Social ITRC 2011 WIT's system was inadvertently put online. The letter said that an "electronic ITRC 2018 Phishing attack. ITRC 2009 Williams College in Williamstown reports a recent laptop theft. The laptop, wh th the student's financial statement, but because of a software error the attachment actually contained the 1 hat included alumni addresses and Social Security numbers. y's Information Systems & Technology Department (IS&T) was contacted by the administrator of a network in Boston University related to your participation in the Boston University Initiative for Literacy Development (" formation for all students enrolled or taking a course at the University from the summer of 2012 to the prese discovered and helped to secure a publicly available, non-password protected database containing more than   The employees had their email accounts attacked and emails containing personal information for hundred ntally cross-mailed promissory notes of at least 4, and as many as 28 College alumni via the United States Po an") is writing to provide notice of a data security incident that may affect the security of some of your perso eren’t as fortunate as those at Kanawha County Schools in West Virginia. Rick Sobey and Todd Feathers repo ng to a third-party educational institution. and download an Excel spreadsheet that contained PII while they were searching Google Drive on the stude Web server may have compromised 10,000 sets of personal information from applicants and students, includi Stanford and other top business schools and helped applicants log on to learn whether they had been accep University's Division of Continuing Education were lost. The folders were from the previous year and include orney's office are investigating a security breach at the school after an undergraduate allegedly manufacture esulted in the potential compromise of some student emails.  Fewer than ten students reported that emails rsities around the world.  A total of 53 universities were affected.  Most of the data exposed was publicly a n" on its computer networks, the school disclosed late Wednesday."The discovery, which was made June 19 n on current and former students, faculty, staff and alumni. Information included names and Social Security n base, acquiring teachers’ personal information, possibly including their Social Security numbers, school offici numbers of more than 263 teachers, state employees, and consultants vanished from the School Departmen to view the personal information of any employees in MassBay's worker database system.  The information rted that personal information, including SSNs, of school alumni was available on a page of the school's web chools in the last four years has been exposed to a data breach that includes, names and SSNs. It was availa ers may have gained unauthorized access to information stored on a computer server utilized by the School. ach at Roxbury Community College, the school’s president said in an e-mail to the college community on Thu niversity computer contained information related to paychecks distributed by the University.  Current and fo heft of three laptop computers in eight days from the Springfield School Department's central office. The the ntial breach of personal information through its third-party ticketing vendor, Vendini, Inc. Vendini has reported me in late 2004.  The database was managed by a software company for nonprofit organizations named Ruff sed to a virus.  Over two thousand alumni may have had their Social Security numbers and other informatio rse of research with a Tufts professor.  The research was being conducted at MGH.  The laptop was mostly r that contained Social Security numbers and a very limited amount of credit card information for graduates (UHS) was infected with malware. The work station contained patient names, health insurance company nam PAs and partial Social Security numbers of 32 former students. It appears that the information is from a Fall o aid that an "electronic file was accessible on the Institute's website that contained personal information for a p theft. The laptop, which was stolen when an employee left it in a parked car in Boston on October 3, contai tually contained the 1098T forms of 1590 students at the college. strator of a network in Halifax, Nova Scotia who reported that a server on the Boston University networks (the eracy Development ("BUILD") program through the University's School of Education. Boston University recen r of 2012 to the present were stolen from the University Registrar, according to a Nov. 12 email sent by Maria containing more than a half of a million records on international students and info on 12 thousand host fam ormation for hundreds of people were exposed.  Though Holy Cross has a policy of encrypting all emails th a the United States Postal Service (1 of those being a resident of New Hampshire). of some of your personal information. What happened? On May 4, 2015, an email with an attached spreadsh nd Todd Feathers report that current and former employees’ personal information, including SSN, was acquire gle Drive on the student domain. (Reported to MA Office of Consumer Affairs 4/10/2015) and students, including 6,600 Social Security numbers and 500 Harvard ID numbers. they had been accepted weeks before they were to find out. “Dozens of business schools (list of some schoo ious year and included names, Social Security numbers, Harvard ID numbers, dates of birth, addresses, ema allegedly manufactured phony driver's licenses and university identification cards that can be used as debit c s reported that emails from other students with similar names were forwarded to them.  The problem occur xposed was publicly available, but student, staff, and faculty usernames and passwords were also exposed. I hich was made June 19, affects two IT systems that impact eight colleges and administrations, the school say and Social Security numbers. numbers, school officials said. In the email, Riley said the breach may have disclosed employees’ names, pho he School Department earlier this week, baffling officials. An auditor at the Department of Education's Malde em.  The information included Social security numbers, home addresses, and other personnel information. ge of the school's website through the Internet search engine Google." It has been removed nd SSNs. It was available on the Internet from May until October 2, 2007. School officials attributed the secu tilized by the School. The information potentially accessed may have included your name, address, date of b ge community on Thursday. President Valerie Roberson did not disclose the nature of the breach, which was rsity.  Current and former employees who may have been students or staff may have been affected. central office. The thefts began on 2/7 and at least one computer had names and SSNs of 38 school teachers . Vendini has reported that, on April 25, 2013, the company detected an unauthorized intrusion into its syste anizations named RuffaloCODY.  Letters were sent to the alumni who may have had their personal informati s and other information exposed. he laptop was mostly used for research, but a sensitive file had been uploaded in early 2010.  It contained mation for graduates of University of Massachusetts. Hackers gained access to one server on the university's surance company names, medical record numbers, and prescription information from January 2, 2009 to Nov rmation is from a Fall of 2004 CIS 100 class. The discovery was made in December and all affected students w onal information for a group of current and former students, including full name, social security number, and on October 3, contained the names and Social Security numbers of 750 individuals from 39 states and seve niversity networks (the "Server'') was attacking the system in Nova Scotia. As a result of this report, the Univ oston University recently learned that an email account connected with the BUILD program was accessed wit 12 email sent by Marianne Cwalina, the senior vice president for finance and treasurer. One of the stolen com 12 thousand host families and housing information crypting all emails that contain personal information, these emails were not encrypted.  Those who could h an attached spreadsheet containing personal information was inadvertently sent by an employee in Diman's ding SSN, was acquired by a hacker after an employee fell for what the district describes as a “sophisticated ols (list of some schools) were affected by the breach, with their web sites vulnerable for roughly nine hours birth, addresses, email addresses and phone numbers. Some of the folders contained additional information can be used as debit cards and to enter residence halls, the university announced yesterday. The cards, whic  The problem occurred because the email system did not distinguish between the older "@fas" accounts a s were also exposed. It is unclear if any financial information or Social Security numbers were taken from univ ations, the school says. These include the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Ins mployees’ names, phone numbers, addresses, Social Security numbers and calendar year 2015 gross earnin of Education's Malden headquarters arrived at work Tuesday to find his computer wasn't working. Technical rsonnel information.  ls attributed the security breach to a problem with data storage within the district’s computer system. me, address, date of birth and Social Security Number he breach, which was discovered around March 16. It was reported to the board of trustees, the state Depart been affected. of 38 school teachers. ntrusion into its systems. If you used your credit card to make a purchase for a Suffolk University event throu eir personal information stolen. 2010.  It contained a spreadsheet with the information of applicants who applied to the Graduate School of ver on the university's computer system, which held information of students who attended UMass between 1 anuary 2, 2009 to November 17, 2009. There is no evidence that the data was copied from the workstation. all affected students were informed by March 3 of 2008. security number, and date of birth. m 39 states and several foreign countries. They did not state if these individuals were former or current stud f this report, the University's Information Security Department initiated an investigation. During the more tha ram was accessed without authorization. That account contained certain forms related to the Boston Public S One of the stolen computers contained students’ “names, birth dates, permanent and email addresses, phon .  Those who could have been affected were notified that their Social Security numbers, driver's license num employee in Diman's Human Resources Department to all faculty. The email was recalled that same day, bu es as a “sophisticated phishing scheme.” or roughly nine hours before the problem was fixed.” dditional information about the students and their dependents, spouses or parents. The information did not erday. The cards, which have a magnetic strip on them, are issued to Harvard students, faculty, and staff mem der "@fas" accounts and the newer "@college" accounts.  For example, the system would forward emails fro s were taken from universities. y School, Radcliffe Institute for Advanced Study, Central Administration, the Graduate School of Design, Harv ear 2015 gross earnings. However, the breach did not include any employees’ bank account information, acc n't working. Technical workers identified the problem: His hard drive was missing. Someone had taken it. mputer system. ees, the state Department of Higher Education and Attorney General Maura Healy’s office, Roberson said. Au University event through Vendini prior to April 25, 2013, your information, including your credit card number he Graduate School of Arts and Sciences at Tufts.  Applicant Social Security numbers were included in the s ded UMass between 1982 and 2002, as well as a few who attended before 1982. A UMass spokesman decline rom the workstation. The malware was on the computer from June 30, 2010 to October 28, 2010. Patients we former or current students or employees. n. During the more than month-long complex investigation, investigators learned that a third party had infiltr to the Boston Public Schools' criminal background check process for participants in the BUILD program (the " email addresses, phone numbers, courses, and grades,” according to Cwalina’s email, which went out to stud s, driver's license numbers, dates of birth, financial information and other types of information were at risk. led that same day, but some individuals had already received the email. e information did not include credit card numbers. The University speculates that the folders were placed in a faculty, and staff members and are encoded with an identification number. A person can put money on the I uld forward emails from ctucker@fas.harvard.edu to the new address of ctucker@college.harvard.com even chool of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and A ount information, according to Rile one had taken it. ffice, Roberson said. Authorities went to the campus Thursday morning to collect evidence and to interview co ur credit card number, may have been compromised. were included in the spreadsheet.  The theft occurred in April of 2011 and was reported to MGH.  Tufts lear ass spokesman declined to say how many people's records were exposed, except that it was a large number 28, 2010. Patients were notified in March. third party had infiltrated the Server and had installed a hacking toolkit, which was responsible for the attac BUILD program (the "CORI forms"), one of which included your name, social security number and driver's lic which went out to students, faculty and staff. “It is also possible that this device contained some Social Secur rmation were at risk.  olders were placed in a file cabinet that was later recycled. an put money on the ID cards, called Crimson Cash, and use them like a debit card to purchase items at store ge.harvard.com even if the "@harvard" email had been taken by a different student. Students with "@harvar l of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health." ce and to interview college employees as part of an ongoing investigation. d to MGH.  Tufts learned of the breach on June 16, 2011. t was a large number of undergraduate and graduate students who attended the university during the 20-ye sponsible for the attacks on the system in Nova Scotia. umber and driver's license number. ned some Social Security numbers,” according to the email. urchase items at stores on and off campus, buy items at campus vending machines, pay for campus laundry udents with "@harvard" emails also had their emails forwarded to other students' accounts. rsity during the 20-year period. pus laundry machines, and gain access to residence and dining halls.