Sensitive information stolen in Weber State University break-in

Date Reported:
11/25/08

Organization:
Weber State University

Contractor/Consultant/Branch:
None

Location:
Ogden, Utah

Victims:
"those who rent post office boxes at the student union"

Number Affected:
69

Types of Data:
"sensitive information, including names, addresses and Social Security numbers"

Breach Description:
"OGDEN, Utah (AP) - Weber State University is notifying 69 people that their personal information may have been compromised in a recent theft."

Reference URL:
Standard-Examiner
Deseret News
Associated Press via KIFI Channel 8 News

Report Credit:
Sam Cooper, Standard-Examiner

Response:
From the online sources cited above:

OGDEN -- Weber State University is notifying 69 people that their personal information may have been compromised in a recent theft.

Police arrested one man and are looking for another in connection with two break-ins last weekend at the Shepherd Union Building, in which some personal post office box registration cards were stolen, along with approximately $1,600 in cash, three computers and a postal scale.
[Evan] Don't think criminals know that there is value in personal information?  Think again.  Why else would registration cards be stolen?

WSU computer security managers said the stolen computers do not have any sensitive information stored on them.

Thomas Tucker, 39, was booked into the Weber County Jail early Saturday, charged with felony burglary, felony receiving stolen goods and three driving offenses.

Tucker was arrested after police spotted a vehicle parked illegally in a campus lot.
[Evan] Word of advice to dumb criminals...  Park your car legally if you have stolen goods in it.

The officer became suspicious when the vehicle drove off as the patrol car approached, so it was stopped.
[Evan] Another bit of advice.  If you drive away as a police car approaches, it makes you look suspicious.

Inside the car, police found property linked to the break-in, including keys that allow access to the mail center in the union building, Kowalewski said.

Police are searching now for a second man, who Kowalewski described as the primary suspect in the break-ins.

He said one of the suspects was caught on tape. He said, "There's surveillance tape that shows at least one of the suspects in this crime."

When employees arrived at work on Monday, they discovered the computers and scale missing and called police.

The missing records were not noticed initially, but school officials acted quickly once they realized they had been taken, Kowalewski said.

"As the investigation proceeded, we realized these cards were also missing, then worked to put together a list of how many people were on these cards," he said.

School officials have identified 69 people whose information was stolen, and the university is contacting those individuals directly this week to alert them to the theft and provide guidance about steps they can take to prevent and respond to identity theft, Kowalewski said.

"Our number one priority is protecting sensitive information at all times," he said. "This is a precautionary measure and something we felt was important to notify the campus community about, the general community about, and of course the individuals that had information on these cards."

Kowalewski said the thieves used a master key to enter the building twice last week.
[Evan] The concept of using master keys for access is outdated and insecure.  Master keys are easily copied despite the "do not copy" warning etched in the side.

The mail room was robbed sometime between 2 p.m. Thursday and 9 a.m. Friday, and the scheduling office was hit either late Friday night or early Saturday morning, Kowalewski said.
[Evan] We can assume that there was no alarm system and no security guard presence.  At least there was surveillance.

While they were inside the union the second time, one of the thieves attempted to break into an ATM machine as well, he added.

Police and school officials are working to determine how the men obtained the master key, Kowalewski said.

"Neither one of these individuals have any ties to the university that we're aware of," he said. "These individuals are folks outside the university."

Anyone who has rented a post office box from the Shepherd Union Building mail center in the past eight years is encouraged to contact university at or 626-8080.

Commentary:
Physical spaces containing sensitive information (or equipment containing sensitive information) require better controls than master keys and CCTV surveillance.  No access should be permitted during off-hours, and any exception must be logged.

Were the cards ever retrieved?  There is no mention in the above-referenced articles.  It seems as though there is a better way to store sensitive information than on registration cards.

Past Breaches:
Unknown


 