Nearly 40,000 Hoyas Affected By Lack Of Hard Disk Encryption.

Numerous students, alumni, staff, and faculty may be affected by the theft of a hard drive.  The external storage device contained the Social Security numbers of nearly 40,000 people, and was reported stolen earlier this month.  The device was unencrypted.


The external hard drive was used as a backup to a computer that contained billing information for a number of student services.  Backing up one’s data is an action that should be applauded, although it is apparent that this is one of those cases where doing something is worth doing well.


The most detailed article is being carried by The Hoya, Georgetown University’s student newspaper, available electronically and carrying the usual accoutrements for commentary and submitting to feed sites.  And what commentary!


As a university with a law school, several students (or former students?) are declaring their intention to sue the university, possibly getting a class?action lawsuit going.  Talk about teaching a man to fish.  Others are saying that the university should never contact them for donations; they’re that angry—their posts are anonymous, though.  Good luck with that.  And I don’t mean to be disparaging (well, perhaps just a little bit); university alumni lists don’t have a purge option, per my experience.  Another has stated that the information is being used maliciously and that he or she had lost approximately $20,000—some would call it a rumor, mostly because it was posted anonymously.  However, he (she?) goes on to state how he lost the twenty grand in a very detailed manner (supposedly all you need to close an account at Bank of America is a Social Security number, a date of birth, and a name.  What, no picture ID?  That’s…problematic, no?).    I trust this particular anonymous guy; something tells me a lot of people are going to be affected financially due to this particular data breach.  Other people are beginning to complain about ID theft as well.  One must take into account that the hard drive was stolen almost a month ago, so there was plenty of time for the thieves to paint the town red.


Some interesting commentary revolves around the fact that Georgetown University might be in breach of the California law that requires the public announcement of data breaches.  The reason for that is because the California law is not based on where the data breach happens to be; rather, the affected organization is supposed to announce the breach if one of the parties affected happens to be a California resident.  I’d say Georgetown University doesn’t have anything to fear even if they are in breach of the California law—unless they’re looking to open an L.A. campus.  Of course, I’m not a lawyer—I’m basing this on (numerous) episodes of Law & Order where one state extradites criminals from another state, and cops tug over jurisdiction.


What horrors.  A simple, managed data encryption service like AlertBoot would have made the above incident a moot point.  Heck, Georgetown University could have encrypted both the hard drive and the desktop computer it was hooked up to, just in case.  Instead, it looks like a $100 device will cost Georgetown quite a bit in alumni donations.  Someone had stated anonymously that he had donated $25,000 over the years, but that’s coming to an end.


And I bet GU won’t be getting love from current students who are affected by this incident, either.

Comments (0)

Let us know what you think