[ISN] UVa laptop stolen, had sensitive data

From: InfoSec News (alertsinfosecnews.org)
Date: Wed Apr 16 2008 - 01:27:41 CDT


http://www.dailyprogress.com/cdp/news/local/article/uva_laptop_stolen_had_sensitive_data/17976/

By Brian McNeill
Dailyprogress.com
April 16, 2008

A laptop stolen from a University of Virginia employee contained
sensitive information about more than 7,000 students, staff and faculty
members.

Stolen from an unidentified employee from an undisclosed location in
Albemarle County, the laptop contained a confidential file filled with
names and Social Security numbers.

"As soon as we learned about the theft, we started moving as quickly as
we could," UVa spokeswoman Carol Wood said.

UVa mailed out letters Monday to each person affected by the data
breach. The university will publicly announce the incident today. The
Albemarle County Police Department is investigating the theft. At the
police department's request, UVa is releasing few details about the
incident.

Wood declined to say when the burglary occurred or which academic
departments were affected. She did say, however, that the theft did not
occur on UVa's campus.

Investigators apparently do not believe that the personal information
was the target of the theft, according to the letter from James Hilton,
UVa's vice president and chief information officer.

"Although circumstances suggest the thief was not targeting this
information and there is no evidence he or she has seen or is using your
personal information, I am bringing this incident to your attention so
you can be aware of signs of misuse," Hilton wrote.

Brian Reed, a graduate student in UVa's Curry School of Education, said
he received a letter notifying him that his personal information had
been exposed. He immediately notified the credit-rating agencies listed
in Hilton's letter and filed a 90-day fraud alert.

"You hear all the stuff on the news about identity theft," Reed said. "I
had this moment of panic."

Reed said he was "frustrated" that a UVa employee would keep his
personal information on a laptop. Too many similar incidents have
occurred at other universities and government agencies, he said, for UVa
to store sensitive data anywhere other than on secure servers.

"This has happened many times before," he said.

A laptop stolen in February from a National Institutes of Health
researcher may have contained medical records of 3,000 patients. Similar
incidents have been reported at the City University of New York and the
University of California, Berkeley.

The most recent data breach at UVa was discovered last June. An
investigation by UVa police and the FBI found that hackers had accessed
records of 5,735 faculty members on 54 days between May 20, 2005, and
April 19, 2007. In that case, the faculty members' names, Social
Security numbers and dates of birth were exposed. No credit card, bank
account or salary data was tapped.

Wood said that no one has reported an instance of identity theft in
connection with either last year's privacy breach or the new laptop
theft.

The university has been phasing out its use of Social Security numbers
as a personal identification number, Wood said, and is constantly
reviewing and renewing its security procedures.
