Quotable ..... “ You are an essential ingredient in our ongoing effort to reduce Security Risk. ” -- Kirsten Manthorne

Each October we like to share information related to cybersecurity. This month we have advice from Kristen Roberts, Assistant Director for Institutional Compliance, on this important topic.

As we do each month, we invite you to review the events happening across higher education with a view toward proactively managing risk. We welcome any comments and suggestions.

M. Kevin Robinson, CIA, CFE
Vice President
Office of Audit, Compliance & Privacy
Follow us on X

Information Security & Technology Events

Oct 23: Data Breach: The University of Michigan said Monday that a computer hack is what caused the school to temporarily cut off the internet in August. About 230,000 people were impacted by the data breach, university officials said. The university detected suspicious activity on its computer network on Aug. 23. The campus network was then disconnected from the internet. data breach. Third-party experts helped the university investigate the incident and found that certain systems were breached from Aug. 23 to Aug. 27, exposing hundreds of thousands of people. The hack exposed the personal information of certain students, applicants, employees, alumni and donors. The compromised data includes social security numbers, driver's licenses, financial information and health information that could be used for fraud. (link)

Oct 20: Data Breach Lawsuit: Two more lawsuits filed against Gaston College allege that a data breach earlier this year exposed the personal information of more than 100,000 people. The lawsuits, filed by Ludenia Archie and Shaquasia Eppes, both former students, state that in the Feb. 21 cybersecurity incident, in which a hacker accessed sensitive files and posted them online, the names, Social Security numbers, and other private information of approximately 191,000 people was exposed. After learning of the hacking incident in February, Gaston College waited around six months to inform the people affected by the breach. (link)

Fraud & Ethics Related Events

Oct 12: Research Misconduct: Cassava Sciences, a biotech company whose work on the experimental Alzheimer's drug simufilam has been heavily criticized and is the subject of ongoing federal probes, has suffered another blow. A much-anticipated investigation by the City University of New York has accused a neuroscientist. CUNY faculty member, and longtime Cassava collaborator of scientific misconduct involving 20 research papers. Many provided key support for simufilam's jump from the lab into clinical studies and, given the CUNY report, some scientists are now calling for the two ongoing trials to be suspended. (link)

Oct 09: Unpaid Invoices: The University of Washington is behind on its bills. The UW has confirmed that over the summer they switched to a new accounting system and ever since, a number of suppliers haven't been getting paid. Suppliers told us they are getting fed up and want their money. We spoke with Dan Sharron, a business owner who told us the UW owes him nearly $200,000. Sharron does audio-video setup for the UW. He never had a payment issue until this summer, when the university switched its accounting system. Now he has several bills months past due. And he's not the only one. The UW told us it's currently behind on about 12% of its bills. That comes out to $69 million in unpaid invoices. (link)

Oct 02: False Claims Act Settlement: Stanford University, located in Palo Alto, California, has agreed to pay $1.9 million to resolve allegations that it violated the False Claims Act by submitting proposals for federal research grants that failed to disclose current and pending support that 12 Stanford faculty members were receiving from foreign sources. The United States alleged that on 16 grant proposals submitted to the Army, Navy, NASA and NSF, Stanford knowingly failed to disclose current and pending foreign funding that 11 Stanford PIs and co-PIs had received or expected to receive in direct support of their research. The United States further alleged that Stanford knowingly failed to disclose to the Army, Air Force and NSF that a Stanford professor received research funding in connection with his employment at Fudan University, a foreign public university and from a foreign government's national science foundation. (link)

Compliance/Regulatory & Legal Events

Oct 26: Transcript Withholding Policy: New federal regulations will limit colleges' and universities' ability to withhold transcripts from students who owe their school money. President Joe Biden's administration finalized regulations strengthening accountability measures for colleges and universities, including a new rule that will likely cut down on transcript withholding. Many institutions use the practice as a way to incentivize students into paying back debts owed to the school, but consumer advocates have called the practice unfair to low-income students. The federal government's new rules state that any school that receives and distributes federal financial aid may not withhold transcripts if the student owes funds due to an error committed by the college or university. (link)

Oct 24: Title IX Judgment: Jurors found Baylor University was negligent and in violation of Title IX in a federal civil trial in which a former female student alleged having been physically abused by a football player in 2014. Baylor alumna Dolores Lozano filed a lawsuit in 2016 claiming that the school's admitted campus-wide failures in addressing sexual violence put her at risk for assault, and that several university employees didn't adequately respond to her reports that a then-football player physically assaulted her three times in spring 2014. Jurors delivered the verdict Tuesday afternoon after starting deliberations midday Monday. They awarded Lozano $270,000 for the negligence claim but no financial award for the Title IX violation. (link)

Oct 19: NCAA Investigation: The NCAA is investigating the Michigan football program for allegedly violating rules that prohibit teams from scouting, in person, future opponents, industry sources told Yahoo Sports. The allegation pertains to NCAA Bylaw 11.6.1, which reads: "Off-campus, in-person scouting of future opponents (in the same season) is prohibited," sources say. The Big Ten Conference received notification from the NCAA that the organization is conducting an investigation into the Wolverines, a league spokesperson said. "Late Wednesday afternoon, the Big Ten Conference and University of Michigan were notified by the NCAA that the NCAA was investigating allegations of sign stealing by the University of Michigan football program," the Big Ten said in a subsequent statement released Thursday. (link)

Oct 18: Gender Discrimination: One of the country's largest public universities has entered into an agreement with the U.S. Department of Labor in which the employer will pay $575,000 in back wages and interest to resolve alleged pay discrimination identified in a routine compliance review. The review of Florida International University by the department's Office of Federal Contract Compliance Programs alleged that, from Aug. 1, 2017, to Aug. 1, 2018, the university paid 163 women employees less than men in similar positions. The institution's failure violated Executive Order 11246, which forbids federal contractors from discriminating in employment based on race, color, religion, sex, sexual orientation, gender identity or national origin. (link)

Oct 09: Covid Lawsuit: Michigan college students did not get what they paid for during the early days of the COVID-19 pandemic. That's the bottom line of lawsuits filed against nine state universities, claiming the students are entitled to a partial Pandemic Refund because their classes were moved from in-person to online to help stop the spread of the virus. The high court is hearing an appeal in the the lawsuits after lower courts ruled in the favor the universities. The case could ultimately affect roughly 220,000 students. (link)

Oct 05: Termination Lawsuit: Former Northwestern University football coach Pat Fitzgerald is suing the school for $130 million, saying his alma mater wrongfully fired him in the wake of a hazing and abuse scandal that has engulfed the athletic department. The announcement by Chicago-based attorney Dan K. Webb on Thursday comes nearly three months after Fitzgerald was suspended and then fired after 17 years as head coach of the Wildcats. Webb said that Fitzgerald would also be seeking additional money for "infliction of emotional distress," future lost income and punitive damages. The $130 million includes $68 million remaining in owed salary plus $62 million in future lost income, Webb added. (link)

Oct 04: Animal Research Compliance: The tan macaque with the hairless pink face could do little more than sit and shiver as her brain began to swell. The California National Primate Center staff observing her via livestream knew the signs. Whatever had been done had left her with a "severe neurological defect," and it was time to put the monkey to sleep. But the client protested; the Neuralink scientist whose experiment left the 7-year-old monkey's brain mutilated wanted to wait another day. And so they did. On September 13, 2018, she was euthanized, records obtained by WIRED show. This episode, regulators later acknowledged, was a violation of the US Animal Welfare Act; a federal law meant to set minimally acceptable standards for the handling, housing, and feeding of research animals. There would be no consequences, however. (link)

Oct 03: Clery Act Compliance: Liberty University failed to warn its Virginia campus community about safety threats, including from individuals accused of sexual violence, and systematically underreported crime statistics, according to a Washington Post report on the preliminary findings of a long-running federal investigation. The Post said it had obtained a preliminary and confidential report written in May by the Department of Education, which said last year it was reviewing Liberty's compliance with a federal law that requires schools to collect crime data and notify students of threats. Liberty repeatedly violated a law known as the Clery Act, according to the preliminary report. The federal law requires colleges and universities that receive federal funding to disseminate an annual security report to employees and students. (link)

Campus Life & Safety Events

Oct 30: Threat: Cornell University administrators dispatched campus police to a Jewish center after threatening statements appeared on a discussion board Sunday. Cornell President Martha E. Pollack issued a statement explaining there were a series of "horrendous, antisemitic messages" threatening violence against the university's Jewish community, specifically naming the address of the Center for Jewish Living. The Cornell University Police Department is investigating and has notified the FBI of a potential hate crime, she said. The content of the online threats appeared to be instigated by the ongoing Israel-Hamas war and sent chills through Cornell's Jewish community during the third week of the conflict in the Gaza Strip. (link)

Oct 27: Campus Speech: The 20-day-old Israel-Hamas war has generated a new level of activism on college campuses over the Israel-Palestinian conflict, according to experts. Instead of uniting for a cause -- ending apartheid, objecting to the Vietnam War or advocating for civil rights -- students are shouting down their classmates and holding dueling protests. The tumult has been fueled by an increasingly bitter social media landscape, along with dynamics that experts say are more nuanced than other controversies that have divided college campuses in the past. The surge in campus activism has left some students and their parents scared and triggered unyielding criticism and condemnation of how university leaders are handling the behavior. (link)

Oct 25: Hazing Lawsuit: Albert "AJ" Perez is a 6-foot-4 quarterback from Huntington Beach who spent his freshman year of college at Utah Tech University, a Division I program in St. George, Utah. He transferred to the University of San Diego over the summer and reported to preseason practice on Aug. 1. Eight days later, at about 11 p.m., Perez said players received a group text from veteran teammates ordering them to a "mandatory" event at a campus residence hall. It was the first of two hazing rituals that Perez says led to his abrupt departure from the football team and university. The lawsuit alleges a culture that has existed for years at USD and says that "several" coaches who had previously been players had participated in similar acts of hazing. "Further, it is believed that the head coach had knowledge of many of these offending acts," the lawsuit says. (link)

Oct 26: Campus Speech: Republican Florida Gov. Ron DeSantis's administration is taking the extraordinary step of ordering state universities to ban a pro-Palestinian student organization from campuses, saying it illegally backs Hamas militants who attacked Israel earlier this month. As Israel's attacks on Gaza have intensified, some college students have expressed solidarity with Palestinians, resulting in swift censure from some Jewish academics and even some prospective employers. But Florida has gone further, saying Students for Justice in Palestine is supporting a "terrorist organization." State university system Chancellor Ray Rodrigues wrote to university presidents Tuesday at Gov. Ron DeSantis' urging, directing them to disband chapters of SJP. (link)

Oct 22: Video Board Photo: Michigan State University apologized for images of Adolf Hitler that were displayed on the video boards at its football stadium before a game Saturday night. On Sunday evening, a university official said an unnamed employee was connected to the incident but didn't make clear whether was intentional or the result of lax oversight. "An initial assessment was conducted, and an involved employee has been identified and suspended with pay pending the results of an investigation," Alan Haller, a Michigan State vice president and its director of athletics, said in a statement. A photo of Hitler and the name of his birthplace, Austria, were show on video boards at Spartan Stadium as part of a pregame quiz before Michigan State was set to host No. 2 Michigan, the institution said. (link)

Oct 18: Hazing Ban Lawsuit: More than 30 members of the Boston College men's and women's swimming and diving team, whose season was indefinitely suspended after reports of alleged hazing in September, have filed a civil lawsuit and asked a judge to take action that would let them return to the pool. A lawsuit filed Tuesday by 37 unnamed members of the school's swimming and diving team says the university imposed an unjustified "blanket suspension" and ended the entire team's season before an investigation into the allegations was finished and before any findings were made. Among the allegations in the suit, the athletes say the university violated its own code of conduct system and deprived athletes of the right to defend themselves. The suit names university trustees, athletics director, and senior associate athletic director as defendants. (link)

Oct 17: Shooting: An investigation is underway at Jackson State University after a student was killed in a shooting on campus. A statement released by acting President Elayne Hayes-Anthony said Jaylen Burns was taken to a hospital from campus after reports of shots being fired at the University Pointe Apartment Complex, which is on the Valley Street side of campus. The shooting was reported about 10 p.m. Sunday. According to police, Burns apparently tried to drive himself to the hospital, but couldn't make it. JPD is assisting campus police with the investigation into the fatal shooting. (link)

Oct 16: Threat: A Fresno City College professor is facing charges after police say he allegedly threatened to shoot school staff and students. The Fresno Police Department says the professor was giving a lecture on August 15 when he made threats of shooting and killing the chancellor of the State Center Community College District. He also allegedly made comments about bullets flying towards students. After several students reported the incident, the man was put on administrative leave, and police began their investigation. Fresno City College's police department says they are concerned the man may pose a risk to staff and students. (link)

Oct 13: Harassment: Arizona State University police said it's investigating an incident on campus in which a queer faculty member was confronted and shoved to the ground amid a confrontation with members of Turning Point USA, a national conservative college organization, according to the Arizona Republic. ASUPD told the Arizona Republic that security footage shows two people following and filming David Boyles, a writing instructor at the university's English department, on ASU's campus. Turning Point USA posted a video to X, formerly known as Twitter, of members confronting and following Boyles--who attempts to ignore them and walk away--repeatedly asking him questions and accusing him of "being attracted to minors," having "fantasized about minors" and wanting "to push sodomy on young people." (link)

Oct 04: Shooting: A shooting interrupted a homecoming week celebration at Baltimore's Morgan State University on Tuesday, wounding five people and prompting an hourslong lockdown of the historically Black college. Students hunkered down for several hours, as police went room to room looking for suspects. No arrests were made. Police Commissioner Richard Worley said the five victims, four men and one woman, are between the ages of 18 and 22. Their injuries were not life-threatening, he told reporters at a news conference early Wednesday. Morgan State Police Chief Lance Hatcher said four of the victims are students at the university. The police did not release information about a suspect or suspects, and Worley said that investigators didn't know how many shooters were involved. (link)

Oct 02: Homicide & Fraud: A California college employee who fatally stabbed his boss on campus in 2019 was sentenced to life in prison without the possibility of parole, prosecutors said Thursday. The employee, now 55, pleaded guilty to murder in the killing at California State University, Fullerton, commonly known as Cal State Fullerton, the Orange County District Attorney's Office said. He attacked Steven Shek Keung Chan, a retired college administrator who had returned to work as a consultant, on Aug. 19, 2019. Prosecutors said they believe the man stabbed Chan to death because Chan had discovered he had stolen more than $200,000 from Cal State Fullerton through fake tutoring invoices. He pleaded guilty to murder and grand theft by embezzlement Wednesday, according to court records. (link)

Oct 03: Free Speech Lawsuit: California community college professors are suing state officials after new diversity, equity and inclusion (DEI) rules were implemented that they allege violate their First Amendment rights. The lawsuit, filed in August, contends the rules "mandate viewpoint conformity" and "force professors to endorse the government's view on politically charged questions regarding diversity, equity, inclusion, and accessibility." Six community college professors are challenging the new DEI rules, which would affect 116 community colleges and more than 1.8 million students. The professors are working with the Foundation for Individual Rights and Expression (FIRE). (link)

If you have any suggestions, questions or feedback, please e-mail Kevin Robinson at robinmk@auburn.edu or Robert Gottesman at gotterw@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.

Back to top

---

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Office of Audit, Compliance & Privacy is listed as the source.