External hard drive stolen from Georgetown University
Date Reported:
1/29/08
Organization:
Georgetown University
Contractor/Consultant/Branch:
None
Victims:
Current and former students, faculty and staff from 1998 to 2006
Number Affected:
about 38,000*
*About 7,700 of the affected people are current students, 26,000 are Georgetown alumni, and 600 are current or former faculty and staff
Types of Data:
Names and Social Security numbers
Breach Description:
An external computer hard drive was reported stolen from a locked office within the Office of Student Affairs in the Leavey Center on the Main Campus on January 3, 2008. The hard drive contained sensitive personal information belonging to current and former students, faculty and staff.
Reference URL:
Georgetown University Press Release
NBC Channel 4 News story
ABC Channel 7 News story
Report Credit:
Georgetown University
Response:
From the online sources cited above:
Georgetown University today began notifying approximately 38,000 current and former students, faculty and staff that a recent computer theft may have exposed their personally identifiable information such as name and social security numbers.
An external computer hard drive was reported stolen from a locked office within the Office of Student Affairs in the Leavey Center on the Main Campus on January 3, 2008. Georgetown’s Department of Public Safety responded to the scene and the incident remains under investigation by the District of Columbia Metropolitan Police Department.
Georgetown has also notified the U.S. Secret Service about this incident so that they may follow up as they determine appropriate.
A thorough internal investigation of the hard drive data has now determined that it included personally identifiable information for students enrolled and some faculty and staff from 1998 through 2006.
[Evan] Storing this much sensitive information on a mobile drive without encryption poses a significant but unnecessary risk.
This incident is limited to this one hard drive and does not extend to other University systems and services where personal data may be stored or updated.
[Evan] One lost or stolen hard drive is enough in this case.
Of the impacted individuals, approximately 7,700 are current students from the Main, Medical and Law Center campuses, 26,000 are Georgetown alumni, and 600 are current or former faculty and staff, with the balance having a combination of multiple student, staff, or other affiliations.
At this time Georgetown has no evidence that personal data have been misused.
However, as a precaution, Georgetown is making every reasonable effort to notify all individuals whose personal information may have been exposed as a result of this theft and encouraging them to place a fraud alert on their credit reporting accounts.
In addition to mailings, Georgetown will be providing free credit monitoring to affected individuals, will hold campus information sessions and has established a toll free telephone number (1-) and a website (identity.georgetown.edu) to provide information and answer specific questions.
Commentary:
This is another case of lost or stolen mobile media with personal information WITHOUT encryption. Even though the hard drive was in a locked office, the mobility of the media and sensitivity of the information made physical security a moot point in this breach.
There are numerous better ways to store confidential information.
Past Breaches:
Unknown
