Georgetown University Data Breach Receives Public Criticism
Laptop Security Blog Georgetown University Data Breach Receives Public Criticism
January 31st, 2008
Author: arieannaWho Breached: Georgetown University
Number Affected: 38,000
Information breached: personal information (unspecified) from billing data
How: hard drive theft
38,000 Georgetown University students, alumni and staff have been exposed to potential identity theft after an unencrypted hard drive (used for back-ups) was stolen from the Student Affairs office during the winter holiday break. The theft was realized on January 3rd, but students were not notified until this week. They claim this delay was the result of determining the nature of the information stolen from the original files on the desktop computer.
“That system contained an enormous amount of detailed information, all of which had to be reviewed in an attempt to determine what kind of information might have been on there. That process is very staff-heavy and takes a significant amount of time.” – David Lambert, VP and CIO for University Information Services
Students are having a difficult time rationalizing why this assessment would take as long as it did. The hard drive contained billing information for various student services. The breach affected 55% of current students at Georgetown as well as alumni who were enrolled between 1998 and 2006.
Georgetown experienced a large data breach in 2006 that affected 41,000 people. Lambert says that the University Information Services has been “developing an information security program… to protect confidential information.” It is interesting that this program is still in the development phase after two years.
The letter to students indicates that Georgetown is “actively reducing” the use of Social Security Numbers as student identifiers, assigning GoCard and NetIDs instead. However, it is unclear if SSNs were purged from the data files dating back to 1998.
If you scroll down the comments here, you can have a read at the email sent to all students. The comments are quite heated on this news article, nearly all critical of the way that the University has handled the situation. They would like to know how the situation came to be if the University was following the “best practices” it was claiming to uphold.
Via the hoya Tags: data breach, education, data security, it security, identity theft, security policy, breach, georgetown, georgetown university
Category: Data Breach, Education Security, Real Theft Reports | 
No Comments »