In this week's breach roundup, read about the sentencing of a hacker who changef his medical college entrance exam scores. Also, the state of Colorado is notifying 19,000 current and former employees that their information may have been exposed following the loss of a USB drive.
Hacker Modified College Exam Scores
Bosung Shim of Rockville, Md., was recently sentenced to three months in prison in connection with hacking a website to change his medical college entrance exam scores, according to the U.S. Attorney's Office for the Eastern District of Virginia.
Shim pleaded guilty to one count of computer intrusion, prosecutors say. In 2012, over a period of six months, Shim attempted to hack into the Association of American Medical Colleges computers to change his Medical College Admissions Test scores, the U.S. attorney says. After he failed in attempts to hack the computers, he hired other hackers to do it for him.
Prosecutors say Shim also admitted to attempting to gain unauthorized access to computers at the University of Michigan. And they say he also perpetrated related fraud against additional victims, including the National Institutes of Health.
In addition to his prison sentence, Shim faces seven months in community confinement and three years of supervised release. In addition, he was required to pay $32,000 in restitution and forfeit the computer equipment used in the crime.
Lost USB Drive Affects State Employees
The state of Colorado is notifying 19,000 current and former employees that their information may have been exposed following the loss of a USB drive by a state employee.
An employee lost the USB drive while transporting it between work locations, according to the Governor's Office of Information Technology. Compromised information includes names, Social Security numbers and possibly addresses, the office says.
Initial notification letters sent by the state caused additional concern because there was no letterhead and no phone number to call, the Denver Post reports. Further, a website link included in the letter was misleading because it was underlined and overrode an underscore contained in the web address, a spokeswoman for the Governor's Office of Information Technology told the newspaper.
Laptop Stolen from Surgeon's Home
A San Jose, Calif., surgeon is informing 8,900 patients that their information may have been compromised after an unencrypted laptop was taken from his residence.
The house of Stephen T. Imrie, M.D., was broken into on Sept. 23, according to a notification letter. The theft was immediately reported to the San Jose Police Department. To date, the laptop hasn't been recovered.
Compromised information includes name, telephone number, date of birth, Social Security number, patient medical history and, in some cases, surgical information.
Impacted individuals are also being offered one year of free identity protection services through AllClear ID, the notice says.
Student Accessed School District Data
Radnor Township School District in Pennsylvania is notifying approximately 2,000 current and former employees that their personal information was accessed by a middle school student.
In November, district officials discovered that the student accessed an open folder on the school district's internal network, school district officials say.
The student viewed the folder in May or June and copied the information to a flash drive, which he e-mailed to three other students, the school says.
"We do not believe any information was used in any way," the school says. "The students we have spoken to indicate that four or five other middle school students saw the file but did not copy it or use it."
Compromised information includes names, addresses, phone numbers, dates of birth and Social Security numbers, the school says.