Laptop theft puts data of 98,000 at risk

The University of California, Berkeley, is warning more than 98,000 people that the theft of a laptop from its graduate school admissions office has exposed their personal information.

An individual stole the computer from the offices of the school's Graduate Division on March 11, the university said in a statement released late Monday. Roughly one-third of the files on the laptop contained names, dates of birth, addresses and Social Security numbers of 98,369 graduate students or graduate-school applicants, it said. The files go back three decades in some cases.

"At this time, the campus has no evidence that personal data were actually retrieved or misused," the university said in the statement.

No incidents of identity theft have been reported related to the incident, it added. However, UC Berkeley is urging affected individuals to consider putting a fraud alert out at credit reporting agencies.

The data loss follows a string of high-profile incidents in which the personal information of U.S. citizens was exposed, notably consumer data broker ChoicePoint's admission that it had been duped into selling personal information on about 150,000 individuals to possible fraudsters.

The incident is the second recent loss of sensitive information at UC Berkeley. In August, an attacker broke into computers there and gained access to 1.4 million database records containing identity data.

UC Berkeley said it has already made an effort to notify all of the individuals affected by the data loss, as required by California law, and that it has set up a Web site to help answer questions about the incident. Because some of the files go back to 1976, though, the school said that officials may have difficulty tracking down some of the people affected.

The stolen computer contained information on most people who applied to Berkeley's graduate programs between fall 2001 and spring 2004, excluding law school students. It also held data on graduate students enrolled at Berkeley between fall 1989 and fall 2003, and on recipients of doctoral degrees between 1976 and 1999, and some other groups of people.

School officials highlighted the fact that most colleges and universities use Social Security numbers to mark student records, but did not pledge to put an end the practice, as Boston College and other institutions have done. This month, Boston College vowed to stop using Social Security numbers wherever possible after hackers gained access to information on more than 100,000 alumni in a security breach.

UC Berkeley said it has already taken extra measures to prevent similar data losses, such as putting encryption software on computers that store Social Security numbers and increasing security throughout its facilities. The school launched a policy requiring encryption of sensitive data stored on mobile devices last year, but officials said that the school has yet to achieve full compliance with that measure.

Real Nice!

Why would you keep that sort of information on a laptop to begin with? Get a server and store it there. At least that's a *little more* secure, not to mention harder to walk away with.

[ZeroJCF]

Inexcusable

It is unbelievable that a school, especially one so esteemed, can let something like this happen. Who in the world puts sensitive information like that on a laptop?? That information should be put a secured server somewhere. This basically lets everybody know that CAL Berk is a joke when it comes to Data Security. They also say that they have not got everything in compliance in regards to data encryption?Nice try. But if my workstations need this done, then the ones with sensitive data (SSN) and also are ?mobile? get done first; Inexcusable. I would love to debate someone from their MIS dept. about how this happened. I would love to hear their excuses. Great school to get your CIS degree?..as long as it?s not in Security.

[Stating]

Eggheads And Ivory Towers

Thank goodness the smart people at Berkeley are informed about the risk of downloading sensitive, personal information from secure servers. And thank goodness they would never do anything so foolish as to build replicas of these databases in things like Excel and Access. And thank goodness they would never be so foolish as to take this information offsite to unsecured areas via laptops, CD ROMS, DVDs, or memory sticks. And thank goodness they would never load this sensitive information into their home computers. to work on it after hours. And thank goodness the rest of the workforce in this country is smart enough to avoid doing the same thing that the smart people at Berkeley do not do. And thank goodness there are severe legal penalties for foolish people who breach the public's security.

Keith
www.techcando.com

Fluke ?, URL

The woman I saw interviewed on tv the other night played it off as a total fluke--- (paraphrasing) "the computer was in a room that's pretty much always locked, but just happened to be unlocked at the time, and the computer was scheduled to have security software installed that afternoon, but didn't have it yet." Sounds like someone with an important job has become more than a little sloppy. Here's the site with number to call, though I haven't been able to get through yet.