Quotable ..... “ Insanity: doing the same thing over and over again and expecting different results. ” -- Unknown

This month we begin a deeper dive into each specific category from 2023 with a focus on Information Technology. IT risks are ever evolving so they require special vigilance. Last year we reported on a trend in this category, and this year we note that the trend continues.

Top 3 types of stories in the IT category 2020:

1. Data Breaches
2. Cyberattacks
3. Privacy Issues

Top 3 types of stories in the IT category for 2021:

1. Data Breaches
2. Cyberattacks
3. Privacy Issues

Top 3 types of stories in the IT category for 2022:

1. Data Breaches
2. Cyberattacks
3. Privacy Issues

Top 3 types of stories in the IT category for 2023:

1. Data Breaches
2. Cyberattacks
3. Privacy Issues

With that in mind, let’s review some ways to mitigate these risks.

Technology related risks are here to stay, but they are only one category of a vast tapestry of risks facing higher education. We again invite you to review the events of the prior month with a focus toward proactively managing risk in your area of influence. As always, we welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE
Vice President
Institutional Compliance & Security& Privacy
Follow us on X

Information Security & Technology Events

Feb 16: Data Breach: Leaders at Alabama A&M University released this statement to students and parents Friday, saying they are aware of several incidents of students’ social security numbers being compromised. "On Monday February 12, 2024, Alabama A&M University and its Administration was made aware of several incidents whereby students’ Social Security Numbers were potentially compromised. Alabama A&M University takes such incidents seriously and has initiated internal and external processes to investigate this matter." They claim they’re launching an investigation into their cyber security. (link)

Feb 16: Data Privacy: The Virginia Military Institute Alumni Association has suspended several alumni who gained unauthorized access to member records in what the organization describes as a multiyear effort to divert donations away from official campaigns. The association also issued 10-year suspensions to four alumni whose "VMI Ranks" member portal logins were used to scrape the email addresses of more than 6,000 of its 20,000-plus alumni members. Harvesting alumni email addresses violated the terms and conditions of the alumni information portal and warranted the suspension, according to an alumni association memo. (link)

Feb 08: Data Breach: Connecticut College has brought in cybersecurity experts to investigate a data security incident that might have compromised files in the college's computer system, including social security numbers. The college first detected unauthorized activity over a year ago in March 2023, according to a release from today. Afterwards, officials notified law enforcement and began an investigation into what personal information was involved in the breach. Social security numbers, credit files and medical information may be involved in the breach. The college "has no evidence that any personal information has been or will be misused as a direct result of this incident," according to the release. (link)

Feb 07: Cyberattack: The University of Central Missouri is investigating an attempted cyber breach that began Tuesday morning. Jeff Murphy, UCM director of communications and media relations, says the university is working with partners, including the state of Missouri, to resolve the incident. The university experienced connectivity issues on Tuesday morning that were addressed by the UCM Office of Technology. Systems were up and running before the end of the work day. (link)

Feb 05: Data Breach: On January 31, 2024, Emmanuel College filed a notice of data breach with the Attorney General of Maine after discovering that a cybersecurity incident affected the personal information of nearly 90k individuals. In this notice, Emmanuel College explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, medical records, financial account information and driver’s license numbers. Upon completing its investigation, Emmanuel College began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident. (link)

Fraud & Ethics Related Events

Feb 16: Occupational Fraud: A former administrator at the University of California, San Francisco was sentenced on Thursday to 20 months in prison for wire fraud, the United States Department of Justice said. The woman, 55, will also have to pay $1.5 million in restitution for diverting student tuition payments to herself. The administrator was the academic program officer for the UCSF School of Nursing’s Post-Master’s and Special Studies Certificate Programs. She told students to make tuition payments out to her, a merchandiser she purchased from, or to leave the payee line blank so she could write in her own name or that of an associate, the DOJ said. She then deposited the checks into her account. (link)

Feb 14: Financial Issues: Some Saint Augustine's University professors are cancelling classes after the university failed to fulfill paychecks in February. The university declined to comment Wednesday on problems balancing the books or how long it will take for staff to get paid. The university said it was not closed. However, students started receiving emails Wednesday from their teachers saying some classes were canceled. Interim President Marcus Burgess asked for understanding and patience in a message to employees. The email read, "Our current financial situation, or lack thereof, has significantly hindered the operations across our campus ... we are pursuing several opportunities around our greatest asset, our land." (link)

Feb 04: Research Security: Florida International University (FIU) has decided to terminate several partnerships with Chinese universities to adhere to a state law restricting public institutions' ties with "countries of concern." This move impacts various programs, including a dual-degree Spanish language program, engineering exchanges, and a prominent hospitality initiative. FIU's decision follows heightened scrutiny by Florida's Board of Governors, prompted by millions of dollars in gifts from Chinese institutions. The closures align with regulatory changes by the Florida Board of Governors and a law intensifying oversight of university partnerships and exchanges with specific countries, signed in 2021 and expanded in the subsequent year. (link)

Feb 01: Impersonation Scam: A paid internship scam cost a local college student thousands of dollars. Clayton Justice said he answered a job listing that appeared to have been posted by a Drexel University professor in October. It offered a paid internship as a research assistant. The Investigative Team reached out to Drexel University and a spokesperson told us that they were only aware of one incident involving the professor's identity. The university said it cannot "intercept outside emails" but it "reports incidents of fraud and cybercrime to the proper authorities" and "sends periodic emails informing the Drexel community of new cybersecurity threats." It was a warning that came too late for Justice, who said he wouldn't have received those warnings since he goes to a different college. (link)

Compliance/Regulatory & Legal Events

Feb 27: Discrimination Lawsuit: The University of New Mexico (UNM) is being sued in federal court due to the "hefty" security fee imposed on an event held by conservative students. The Southeastern Legal Foundation (SLF) filed a federal lawsuit against UNM for attempting to charge students over $5,000 in security fees for hosting women’s sports activist and former NCAA swimmer Riley Gaines as a speaker. The lawsuit was filed on behalf of the Turning Point USA chapter at the university and the Leadership Institute, an organization that supports conservative student organizations with event planning. Gaines being billed to speak for the TPUSA chapter prompted UNM to inform students that the event would require heavy security presence and provided an initial quote of over $10,000 to cover a security fee. (link)

Feb 24: Settlement: Four more prestigious universities have agreed to settle a two-year-old federal class-action lawsuit accusing them of colluding to fix the amount of financial aid they offered to students. Dartmouth College, Rice University, Northwestern University and Vanderbilt Universities will pay a total of $166 million to resolve the claims against them, according to a court filing on Friday. Dartmouth and Rice agreed to pay $33.75 million each. Vanderbilt will pay $55 million, and Northwestern has offered $43.5 million to resolve the charges. (link)

Feb 21: State DEI Legislation: A bill that would ban diversity and inclusion efforts in Alabama schools and colleges is moving quickly through the state legislature. SB129 would prohibit government institutions, including state agencies, public schools and colleges, from funding a diversity, equity and inclusion office and from sponsoring DEI programs or any program that "advocates for a divisive concept." At least eight of the state’s 14 public four-year universities have a specific office devoted to diversity and inclusion efforts. (link)

Feb 20: Religious Discrimination Case: An instructor at St. Philip's College who claimed he was fired last summer for teaching that X and Y chromosomes are the sole determinate of a person's sex now says via a statement from his attorneys that he's been rehired. Adjunct professor Johnson Varkey grabbed right-wing media headlines last summer when he alleged the Alamo Colleges District canned him for teaching "standard principles about human biology and reproduction." Varkey hired a self-described Christian conservative law firm that argued he'd been terminated for his religious beliefs. On Tuesday, the Liberty Institute -- Varkey's Plano-based law firm -- said Alamo Colleges reached a settlement to reinstate the instructor after he filed a claim with the U.S. Equal Employment Opportunity Commission. (link)

Feb 14: Lawsuit Settlement: The University of Colorado Boulder has reached a settlement agreement with a professor who filed a discrimination and retaliation lawsuit in June. CU Boulder Law Professor Paul Campos netted a low six-figure settlement. The university agreed to pay all his legal fees and permanently remove the Law School Dean as his supervisor. Both parties signed a dismissal of all claims on Tuesday. "I'm extremely happy," Campos said. "I got substantial compensation, and more important than that, I had [the dean] removed as my supervisor permanently." In the settlement agreement, CU Boulder denies any wrongdoing or responsibility. (link)

Feb 07: Lawsuit: The former president of Seton Hall University in New Jersey sued the school on Monday, accusing its former chairman of trying to intimidate him and sexually harassing his wife. In the lawsuit, the former president, Joseph R. Nyre, accused the former chairman of the university’s Board of Regents of a campaign of harassment. The lawsuit said the university board responded to his complaints with "gaslighting" and retaliation that eventually brought his employment "to a grinding halt." As a result, Mr. Nyre said, he resigned last summer after four years in the job. (link)

Feb 05: Employee Conduct: At first glance, it looked like [a professor] had outrun his past. The former professor resigned from the University of Wisconsin-Stevens Point Marshfield in 2022 after an investigation found he had sexually harassed students. He landed a new teaching job at a school district less than an hour away and had moved on. His former employer, however, had not. Five months after the professor quit, the UW Board of Regents took action against him and a UW System attorney called the district superintendent to share what had happened. The professor was suspended, then later resigned. The unusual steps taken in this case show how the UW System is taking a more aggressive stance against sexual misconduct in the #MeToo era. (link)

Feb 05: Lawsuit Updates: At least two University of Nevada, Reno faculty members are no longer with the university after filing federal lawsuits against the institution. Engineering Professor Feifei Fan said she was fired by UNR on Jan. 19. No reason or other information was provided. Another plaintiff, Communications Studies Professor Tennley Vik is also no longer with UNR, according to her attorney, after her case was settled. University officials confirmed her last day was Jan. 25. (link)

Feb 03: Title IX Regulations: A final ruling on updates to Title IX, the federal civil rights law prohibiting sex-based discrimination at federally funded schools, was sent to the White House Friday for review. Potential updates to the law could determine how schools respond to sexual misconduct and codify protections for transgender students. The Education Department sent the regulation to the Office of Management and Budget on Friday, and if approved, could unravel policies put in place under former Education Secretary Betsy Devos -- who narrowly tailored the definition of sexual misconduct, and made sure schools performed live hearings during investigations related to the matter. (link)

Feb 01: Discrimination Lawsuit: A man who applied for a job at the University of Utah is suing the school for alleged reverse discrimination in its hiring practices. In a complaint filed in the U.S. District Court District of Utah, Dr. Wyatt Felt claims the school passed him over for a job in the Mechanical Engineering Department because of the school’s diversity initiatives. Felt claims the University of Utah did not seriously consider him as a candidate because of reverse discrimination, as applied to his gender, race, and religion. He claims the university used demographic information obtained from his online application against him. According to Felt, the University of Utah claims that information isn’t seen by people in the hiring process. He further claims that the University of Utah has "an elaborate system for discriminating against applicants with Dr. Felt’s protected characteristics." (link)

Campus Life & Safety Events

Feb 26: Death on Campus: A suspect has been arrested in connection to the death of a Kentucky student who was found dead in his dorm room over the weekend at Campbellsville University, according to police. Josiah Kilman, 18, was discovered unresponsive in his Campbellsville dorm room around 1 a.m. local time Saturday morning and was transported to Taylor Regional Hospital, where he was pronounced dead, the university said in a press release. Kilman's body was transported to the Kentucky State Medical Examiner's Office in Louisville for an autopsy where the cause of death was determined to be asphyxia via manual strangulation, authorities announced in a press release Monday. (link)

Feb 23: Death on Campus: University of Georgia Police have identified a person of interest who is being questioned in relation to the on-campus death of 22-year-old Laken Hope Riley on Thursday, a UGA spokesperson said. "We want to stress that this continues to be an active ongoing investigation," spokesperson Greg Trevor said. Investigators have been scouring a wooded area on campus trying to find clues as to who may have killed Riley. She was found dead after jogging in the area. Riley was an Augusta University College of Nursing student at its campus in Athens, which is also home to the University of Georgia. (link)

Feb 21: Campus Conduct: San Jose State University placed a faculty member on leave following a heated scuffle involving pro-Palestine student activists during a guest speaker’s presentation on the Israeli-Palestinian conflict. A university spokesperson confirmed on Wednesday that an SJSU employee has been placed on administrative leave but did not name the employee. "That is all we are able to share, as it is a personnel matter," the spokesperson wrote. According to the San Francisco Bay Area office of the Council on American-Islamic Relations (CAIR-SFBA), the SJSU professor allegedly assaulted a student protester during the event. (link)

Feb 21: Campus Culture: The entire Bates College debate team, which has a storied history, has resigned, claiming an adviser obstructed their ability to maintain an inclusive culture and compete. The Bates Student, the college newspaper, broke the news of the turmoil within the debate program Friday then pulled the story to flesh out details before publishing a more complete version Tuesday. The move leaves the Brooks Quimby Debate Council, which traces its roots to the beginning of the college in 1860s, without a single participant. Nineteen members of the council signed an open letter Friday that announced their resignations and complained that an adviser had obstructed "the team’s ability to maintain an inclusive culture and compete." (link)

Feb 19: Homicide: A Colorado university student was arrested on murder charges Monday morning in the deaths of a fellow student and another person found fatally shot inside of a dorm room last week, Colorado Springs police said. A man, 25, of Detroit was captured by Colorado Springs police after he was located in a car, the department said on social media. An arrest warrant had been issued late Friday, hours after the bodies of a student and a woman were found in a University of Colorado Colorado Springs dorm. The school confirmed the suspect is enrolled in the university. The victims were found dead Friday at the University of Colorado Colorado Springs' Crestone House residence. (link)

Feb 12: Hazing: A fraternity’s national headquarters ceased all activities for a University of Michigan chapter after a video showing hazing circulated online. Alpha Epsilon Pi’s national office requested that its Ann Arbor campus chapter "cease and desist all chapter activities" on Feb. 8, according to the university’s Fraternity and Sorority Life department. The university was made aware of reported hazing at the fraternity and is currently investigating, UM spokeswoman Colleen Mastony said in a statement. (link)

Feb 11: Campus Climate: Students of color attending Pennsylvania’s public universities face racial harassment, feel unwelcome on campuses, and encounter racial stereotypes in classrooms, according to a new state report. The report, compiled by state Sen. Art Haywood (D., Philadelphia) and the head of Pennsylvania’s civil rights agency, is part of an ongoing advocacy effort launched in response to a 2020 Spotlight PA investigation. That story, "Condemn, Discuss, Repeat," found that although the state university system was recruiting and enrolling more students of color, many said they did not feel supported once on campus. The new report, the product of a statewide listening tour over the past two years, echoes those findings. (link)

Feb 08: Building Safety:: WRAL 5 On Your Side has independently received 101 reports of cancer and more than a dozen other reports of serious illness in people who spent time in Poe Hall. The previously busy building, home to North Carolina State University's College of Education and Psychology Department, closed in November after testing revealed high levels of PCBs, toxic chemicals linked to cancer. In the past week, several NC State employees have written to NC State leadership and the North Carolina Department of Health and Human Services, imploring both entities to investigate the cases of cancer and serious illnesses, according to email records sent to 5 On Your Side. Both have declined for now. Instead, the university says it is focused on an environmental study of the building. (link)

Feb 08: Hazing: A fraternity at Davidson College lost its charter after members admitted to hazing new members. A spokesperson for the local college confirmed with Channel 9 that the campus chapter of Sigma Phi Epsilon acknowledged it had hazed new members during the 2023 spring semester. The statement from Davidson College did not specify what the hazing entailed, but the Sigma Phi Epsilon National Board of Directors says they fully stand behind the decision. After going through internal accountability and appeals processes, Davidson College decided to suspend the chapter for five years. The Board of Directors formally revoked the chapter’s charter in alignment with the decision. (link)

Feb 08: Hazing: Nine people have been charged with hazing resulting in death after a fraternity pledge died in 2021 of alcohol intoxication. Two of the defendants have been awaiting trial since their arrests in 2022. Seven others were recently charged in the death of Phat Nguyen, 21. Three other pledges at the off-campus Pi Alpha Phi fraternity house were hospitalized with high blood-alcohol levels. The charges come as MSU announced a revised code of conduct for students. (link)

Feb 05: Campus Speech: Students at Northwestern University, in the Chicago suburbs, woke up on October 25 to face an unexpected allegation. "Northwestern complicit in genocide of Palestinians," declared the school’s venerable student newspaper, the Daily Northwestern, in a front-page story. The students, however, weren’t really looking at the Daily Northwestern. Instead, they had found the Northwestern Daily, a parody newspaper attacking the school’s stance on Israel’s war on the Gaza Strip. Overnight, someone had pinned the mock papers on bulletin boards, spread them on desks in lecture halls, and even wrapped the false front pages around roughly 300 copies of the Daily Northwestern itself. Following the investigation, local prosecutors brought charges against two students for theft of advertising services. (link)

Feb 01: Campus Speech: A "doxxing truck" sent by a conservative group arrived at the University of Colorado Boulder campus Tuesday displaying images and names of Ethnic Studies Department faculty members. The truck was spotted outside the Hale Science building while showing headshots of faculty members under the headline "Boulder’s Leading Antisemites." The campaign is being run by the Accuracy in Media group, and similar trucks have been spotted at campuses across the country since November. The campaign’s stop in Boulder comes after CU’s Ethnic Studies Department released a controversial statement in October expressing support for Palestinians during the ongoing Israel-Hamas war. The statement was later retracted and replaced due to concerns about its accuracy. (link)

Feb 01: Hazing Lawsuit: Like so many other 18-year-olds, Greenville native Benjamin Jaxson Lovelace arrived on the College of Charleston’s campus in the fall of 2022 excited to pledge a fraternity. But Lovelace’s enthusiasm quickly dissipated, replaced by anxiety and depression, according to a lawsuit filed Jan. 29 in Charleston County’s Court of Common Pleas. Members of the Iota Epsilon Chapter of Sigma Chi hurled "dish soap, sriracha, alcohol, mayo, and beer cans" at Lovelace and other pledges, the complaint states. They forced him to binge drink and smoke marijuana to the point of vomiting. The lawsuit, filed on behalf of Lovelace and his parents, seeks a $10 million award for actual and punitive damages from the defendants, including the College of Charleston, the Iota Epsilon Chapter of Sigma Chi fraternity, Sigma Chi International Fraternity and five undergraduate fraternity members who allegedly partook in hazing Lovelace. (link)

If you have any suggestions, questions or feedback, please e-mail Kevin Robinson at robinmk@auburn.edu or Robert Gottesman at gotterw@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.

Back to top

---

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Office of Audit, Compliance & Privacy is listed as the source.