[ISN] State college in Colorado warns 93,000 after laptop theft

From: InfoSec News (isn@private)
Date: Mon Mar 06 2006 - 02:30:54 PST


http://www.computerworld.com/securitytopics/security/story/0,10801,109208,00.html

By Robert McMillan
MARCH 03, 2006
IDG NEWS SERVICE

A state college in Denver believes it may have lost sensitive
information on more than 93,000 students after one of the school's
laptop computers was stolen from an employee's home late last month.

The unnamed employee of Metropolitan State College had been using the
information, including student names and Social Security numbers, to
write a grant proposal, the college said Thursday. The data, which
appears to have been unencrypted, was also being used by the employee
to write a master's degree thesis, the school said.

The laptop was stolen on Feb. 25, but Denver police asked the school
to wait until March 1 to go public with news of the theft to help with
the ongoing investigation. Students who registered for Metropolitan
State courses between the 1996 fall semester and the 2005 summer
semester are now being notified of the incident via letter, the
college said.

Although there is no evidence that any of this data has been used for
identity theft, there are a number of unanswered questions related to
the incident.

One question is whether or not the sensitive information was actually
stored on the computer at the time of the theft, according to college
President Stephen Jordan. "The employee, does not recall whether he
had deleted those files from the laptop," he said in a statement.

A second question is whether the employee should have been storing
this type of data outside of school premises for the purposes of a
masters thesis. The college is "investigating whether the employee had
obtained permission ... to use the data in his thesis," the college
said.

The college is now reviewing its policies regarding laptops,
particularly related to unencrypted information, Jordan said.

The college Web site includes tips on avoiding laptop theft, and on
preventing stolen information from being used following such an event.

The college did not immediately return calls seeking comment for this
story on Friday.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Mon Mar 06 2006 - 02:43:25 PST