On July 5, a faculty member at the University of Colorado at Colorado Springs had a home burglary which resulted in the theft of two laptops, one of which contained the information of 766 students. It hasn’t been revealed so far if the information was protected via the use of laptop encryption software.
The information included grades, names, and–for 241 students–their Social Security numbers. The data breach affects students who studied at the UCCS between 2003 and 2009.
It was noted in the embedded video at kttv.com that the university stopped using SSNs as student ID numbers back in 2005, which probably accounts for the low number of SSNs in light of the total number of students affected.
This brings to light two interesting questions:
Why did the faculty member have in his laptop SSNs from 4 years ago? If the UCCS did everything correctly, it shouldn’t have been there. Unless, of course, students who enrolled at the university in 2005 still were using their SSNs as student IDs. If that were the case, then they would have graduated this year on a four-year program…
This professor has been using the same laptop for six years? Makes me wonder what he teaches. Chances are it’s not related to computers…
What If Encryption Software Had Been Used?
Already, there are people commenting on how the information should have been on secure servers only. In fact, I’ve read a comment that states that the information should have been on “secure, non-portable servers.”
I’m not sure what that means because, the last time I checked, any computer of any size can be stolen. In a sense, they’re all portable (easily carried vs. movable/”carriable”). If you want something that’s not portable, you’d have to go back to 1970 when a “computer” was essentially a wired room; i.e., the room is the computer. Nobody wants that. A better solution may have been the use of whole disk encryption. This would have ensured the integrity of the data.
It’s very hard to blame the professor here. I mean, he didn’t have a laptop stolen from his pickup truck while he was playing a round of golf. The computer was stolen during a break-in. For all intents and purposes, the information on that computer was probably as well protected as it would have been in a locked room on campus.
People don’t actually think that campus buildings are always better protected than residential homes, do they? Here’s proof that they aren’t: thieves steal a mainframe computer (as close as it gets to non-portable computers) from a university campus (http://www.dallasnews.com/sharedcontent/APStories/stories/D99E9O001.html).
Related Articles and Sites: