Professor's lost flash drive contained 16,000 Social Security numbers

Date Reported:
10/30/07

Organization:
University of Nevada at Reno

Contractor/Consultant/Branch:
None

Victims:
"incoming freshmen who enrolled in the fall semesters from 2001 through 2007"

Number Affected:
16,000

Types of Data:
Name, address and Social Security number

Breach Description:
A flash (or thumb) drive containing sensitive personal information was lost by a University of Nevada, Reno professor on October 19th, 2007 somewhere in downtown Reno.

Reference URL:
Reno Gazette-Journal Story

Report Credit:
Lenita Powers, Reno Gazette-Journal
submitted to The Breach Blog by a concerned reader

Response:
From the online article cited above:

"A University of Nevada, Reno professor has lost a flash drive that contained the names and Social Security numbers of 16,000 current and former students"
[Comfyllama] #1 - Why in the world does a professor need Social Security numbers?!  #2 - What in the world is sensitive personal information doing on an unencrypted thumb drive?!  This is terrible security behavior and an example of what not to do.

"The flash drive contained the information of incoming freshmen who enrolled in the fall semesters from 2001 through 2007"
[Comfyllama] All in the hands of a professor.  I can picture it now, the professor calls out to his/her administrative assistant, "Jane, can you get me a list of all freshmen from 2001 through 2007?  Please be sure to include Social Security numbers too."

"there has been no indication that the information has been accessed, but letters were sent to each of the students alerting them to the situation"
[Comfyllama] Nope, not yet.

"We also are providing students with access to an identity protection service for one year at no cost,"
[Comfyllama] I have said this before, this is a small remedy that does NOT solve the big problem.

"The portable computer storage device was lost Oct. 19 somewhere off the campus by an administrative faculty member who is not being identified"

"It's considered a personnel matter,"
[Comfyllama] Why? Does carrying personally identifiable information around downtown Reno on a thumb drive go against University of Nevada policy?  There is no mention in the article about what the school's policy actually is or what they plan to do in order to make sure this doesn't happen again.

"University officials ask anyone who might have found it to call University Police Services at 784-4013"
[Comfyllama] I really, really hope someone would turn the thumb drive in, but I would be naive to think it will happen.

Commentary:
This is a terrible breach in security that should have never happened.  What makes it worse is the device itself, the flash drive.  We conducted a study earlier this year to determine what people would do if they find a thumb drive lying on the ground (in an office).  A VAST majority threw the thumb drive into their USB port almost without hesitation.  Curiosity is a very strong emotion.  Shame shame.

Past Breaches:
Unknown



 
Comments
  • 11/2/2007 12:49 PM Comfyllama wrote:
    Submitted by an informed reader:

    "News 4 asked why the information was stored on a flash drive, and the University say while there was no specific policy against that, common sense dictated it should have never happened." - Source http://www.msnbc.msn.com/id/21544575/

    If this ain't the quote of the day!
  • 3/24/2008 9:24 AM ankhkare wrote:
    This has happened to some pretty important people as well. I have read in the news some time ago about some British laptop that was stolen or lost, containing information about some soldiers. I think it's ridiculous. What if my drug treatment plan was on some disk and got stolen and all my co-workers found this out? Can you imagine what this would mean to me?
