Forwarded from: "eric wolbrom, CISSP" <eric (at) shtech.net> http://www.twincities.com/mld/pioneerpress/news/local/15475291.htm By TAD VEZNER Pioneer Press Sept. 08, 2006 A pair of computers containing the personal information in some cases Social Security numbers of thousands of University of Minnesota students was stolen from a campus office. Now officials are scrambling to let past and present students know their identities may be in danger. The computers, stolen in August from the desk of a program coordinator at the university's Institute of Technology, contained data on 13,084 students who joined the school as freshmen between the fall of 1992 and 2006. Files included such information as names, birth dates, addresses, phone numbers, the high school they attended, student identification numbers, grades and test scores, and academic probation. And, in hundreds of cases, Social Security numbers. University spokesman Daniel Wolter said the university's main effort is focused on contacting 603 past students whose Social Security numbers were stolen. But those students are the hardest to locate, Wolter added: Such numbers were taken in the earlier years of the program, when Social Security numbers were required, and the older students may have fallen out of contact. University officials began sending letters to students on Aug. 30 to notify them of the theft but five of six IT students contacted Friday evening by the Pioneer Press said they had not seen the letter, and had no knowledge of the theft. The computers were stolen overnight between Aug. 14 and Aug. 15 from the locked Lind Hall office of Ann Pineles, a program coordinator for the institute's lower division, or undergraduate, program. Pineles had the information stored on her hard drives. 'It's fair to say that's not standard operating procedure to have all that data on the hard drives,' Wolter said. 'But due to the size of the institution, its hugely decentralized structure (not everyone does that). 'It's one of those things where we need to do a better job educating people.' Wolter said he did not know why Pineles had the data on a hard drive, rather than a central, secure computer server. The university's written policy for computer security for drives with legally protected student information only requires that 'physical access to computers must be restricted,' Wolter said. He said there were no plans to discipline Pineles. Pineles, when contacted at home Friday, said only that 'it's just really been a bad day,' before hanging up. Peter Hudleston, the associate dean at the institute who signed the letter, said the computers were relatively new and valuable, and officials believe thieves were targeting the computers, not the data. University police had no suspects for the crime, Wolter said, adding that he was not sure whether there were signs of forced entry. October is cyber security month at the university, Wolter added. All staff will go through a mandatory data security training. _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Mon Sep 11 2006 - 01:43:51 PDT