Laptop stolen from the University of Connecticut affects 10,174 applicants
|
Date Reported:
8/19/10
Organization:
University of Connecticut
Contractor/Consultant/Branch:
None
Location:
Victims:
School applicants
Number Affected:
10.174
Types of Data:
"undergraduate admissions data, including applicants' contact information, Social Security numbers and other data"
Breach Description:
"WEST HARTFORD, Conn., Aug. 19 (UPI) -- A laptop computer stolen from a Connecticut university contained names and sensitive information on 10,174 school applicants, school officials said."
Reference URL:
United Press International
Associated Press via the Hartford Business Journal Online
Associated Press via Norwich Bulletin
Report Credit:
Associated Press
Response:
From the online sources cited above:
WEST HARTFORD, Conn., Aug. 19 (UPI) -- A laptop computer stolen from a Connecticut university contained names and sensitive information on 10,174 school applicants, school officials said.
[Evan] There is no mention of encryption in the news reports that I read, so I am going to assume that this laptop was not protected by encryption. It makes no security sense to store this sensitive information on a mobile device without encryption. It makes little security sense to store this information on a mobile device with encryption!
The computer stolen from the University of Connecticut's West Hartford campus contained undergraduate admissions data, including applicants' contact information, Social Security numbers and other data from 2004 through July 30, 2010
[Evan] In case you're paying attention, that six years worth of data; on a laptop.
The computer, stored in a cabinet in the information technology department, was noticed missing Aug. 3.
[Evan] There is no information about what physical security controls were in place to prevent and/or detect this breach, but there are obviously some significant vulnerabilities.
Officials said no one has tried to to break into university resources through the computer, and they don't think it was meant as identity theft.
[Evan] Nobody has used the laptop to access other university resources. This statement does not address the "university resources" on the laptop.
"The university is contacting, in writing, everyone whose name was on the computer, and is offering those individuals credit monitoring coverage for a period of two years at the university's expense," the school said.
Jason Pufahl, the school's interim chief information security officer, said campus officials "deeply regret" what happened.
"The university takes security of personal data seriously and is continuing its investigation to determine whether any university policies were not followed," Pufahl said. "The university will take corrective steps and, if warranted, disciplinary action."
University police were investigating the theft, the newspaper said.
University police were investigating the theft, the newspaper said.
"My office is investigating to determine the cause of this security breach - putting more than 10,000 applicants at risk for identity theft," Richard Blumenthal said.
Commentary:
This is a story of another poorly secured lost/stolen laptop containing sensitive information. How are these breaches still allowed to happen?
Past Breaches:
Unknown
Posts Atom 1.0
Comments