More than 7,000 are affected by stolen University of Virginia laptop
Technorati Tag: Security Breach
Date Reported:
4/16/08
Organization:
University of Virginia
Contractor/Consultant/Branch:
None
Victims:
Students, staff and faculty members
Number Affected:
More than 7,000
Types of Data:
Names and Social Security numbers
Breach Description:
"CHARLOTTESVILLE -- A laptop stolen from a University of Virginia employee contained sensitive information about more than 7,000 students, staff and faculty members."
Reference URL:
inRich.com
DailyProgress.com
Report Credit:
Brian McNeill, DailyProgress.com
Response:
From the online sources cited above:
A laptop stolen from a University of Virginia employee contained sensitive information about more than 7,000 students, staff and faculty members.
Stolen from an unidentified employee from an undisclosed location in Albemarle County, the laptop contained a confidential file filled with names and Social Security numbers.
"As soon as we learned about the theft, we starting moving as quickly as we could," UVa spokeswoman Carol Wood said.
UVa mailed out letters Monday to each person affected by the data breach.
The Albemarle County Police Department is investigating the theft.
At the police department’s request, UVa is releasing few details about the incident.
the theft did not occur on UVa’s campus
Investigators apparently do not believe that the personal information was the target of the theft, according to the letter from James Hilton, UVa’s vice president and chief information officer.
[Evan] This type of statement is very common in breach notifications and responses. I give very little weight to these statements because they are based on beliefs and feelings, not facts. The facts are that a laptop was stolen with confidential personal information stored on it which exposes the information to unnecessary risk of exposure.
"Although circumstances suggest the thief was not targeting this information and there is no evidence he or she has seen or is using your personal information, I am bringing this incident to your attention so you can be aware of signs of misuse," Hilton wrote.
Victim Reaction:
Brian Reed, a graduate student in UVa’s Curry School of Education:
"You hear all the stuff on the news about identity theft,"
"I had this moment of panic."
Reed said he was "frustrated" that a UVa employee would keep his personal information on a laptop.
Too many similar incidents have occurred at other universities and government agencies, he said, for UVa to store sensitive data anywhere other than on secure servers.
"This has happened many times before,"
[Evan] Mr. Reed may know more about risk and information security than the people responsible for it at the school.
Commentary:
Another stolen laptop containing confidential information. Due to the fact that there is no mention of encryption, I will assume that there wasn't any. What is the excuse? Does "circumstances suggest the thief was not targeting this information" work well enough for people? It certainly doesn't work for the people I work for or the people that work for me!
Past Breaches:
June, 2007 - Hackers download personal details of University of Virginia faculty members
Date Reported:4/16/08
Organization:
University of Virginia
Contractor/Consultant/Branch:
None
Victims:
Students, staff and faculty members
Number Affected:
More than 7,000
Types of Data:
Names and Social Security numbers
Breach Description:
"CHARLOTTESVILLE -- A laptop stolen from a University of Virginia employee contained sensitive information about more than 7,000 students, staff and faculty members."
Reference URL:
inRich.com
DailyProgress.com
Report Credit:
Brian McNeill, DailyProgress.com
Response:
From the online sources cited above:
A laptop stolen from a University of Virginia employee contained sensitive information about more than 7,000 students, staff and faculty members.
Stolen from an unidentified employee from an undisclosed location in Albemarle County, the laptop contained a confidential file filled with names and Social Security numbers.
"As soon as we learned about the theft, we starting moving as quickly as we could," UVa spokeswoman Carol Wood said.
UVa mailed out letters Monday to each person affected by the data breach.
The Albemarle County Police Department is investigating the theft.
At the police department’s request, UVa is releasing few details about the incident.
the theft did not occur on UVa’s campus
Investigators apparently do not believe that the personal information was the target of the theft, according to the letter from James Hilton, UVa’s vice president and chief information officer.
[Evan] This type of statement is very common in breach notifications and responses. I give very little weight to these statements because they are based on beliefs and feelings, not facts. The facts are that a laptop was stolen with confidential personal information stored on it which exposes the information to unnecessary risk of exposure.
"Although circumstances suggest the thief was not targeting this information and there is no evidence he or she has seen or is using your personal information, I am bringing this incident to your attention so you can be aware of signs of misuse," Hilton wrote.
Victim Reaction:
Brian Reed, a graduate student in UVa’s Curry School of Education:
"You hear all the stuff on the news about identity theft,"
"I had this moment of panic."
Reed said he was "frustrated" that a UVa employee would keep his personal information on a laptop.
Too many similar incidents have occurred at other universities and government agencies, he said, for UVa to store sensitive data anywhere other than on secure servers.
"This has happened many times before,"
[Evan] Mr. Reed may know more about risk and information security than the people responsible for it at the school.
Commentary:
Another stolen laptop containing confidential information. Due to the fact that there is no mention of encryption, I will assume that there wasn't any. What is the excuse? Does "circumstances suggest the thief was not targeting this information" work well enough for people? It certainly doesn't work for the people I work for or the people that work for me!
Past Breaches:
June, 2007 - Hackers download personal details of University of Virginia faculty members
Posts Atom 1.0
Comments