A backup hard drive at Western Michigan University is missing from earlier this year, since around January 25. The device held information on students, faculty, and staff. It was not revealed whether hard disk encryption like AlertBoot was used on the missing external hard drive, although the university has deemed the loss as a “low risk” incident when it comes to identity theft.
SSNs were Stored
The missing device contained names and SSNs for 600 current and former Western Michigan University students, faculty, and staff. WMU hasn’t received any notifications of ID theft in the six weeks since, so the university is carefully classifying the incident as low risk.
One should note that this quite a premature assessment. Social Security numbers are for life, so it really doesn’t matter when an ID thief decides to use them. Contrast this with credit card numbers:
A credit card could naturally expire
The same credit card numbers could be involved in another breach, meaning they won’t be valid for too long if someone else uses them
A person could decide to stop using credit cards because he found a better rate on a new one
The reasons for a credit card to stop being valid are myriad, so using them quickly only makes sense. SSNs? Some have compared it to fine wine: the longer you wait, the more valuable it becomes.
Think about it. The current economy stinks. No one is lending any money. While things might appear bleak, chances are things will start getting better. Between using it today, when conditions are less than desirable, and waiting, say, five years when the economy is better (one hopes), what makes more sense? Don’t forget, chances are that the 600 people will have more money five years from now (under the age of 60, people tend to make more money as time goes by).
This backup hard drive, which I’m assuming is an external, portable drive, ought to have been encrypted. The fact that SSNs were stored in it alone should have prompted someone to exhort the use of encryption software. If not disk encryption, at least file encryption should have been used on any electronic documents that contained sensitive information.
You know what would be really disappointing? If it turned out that the actual computers were properly protected with data security programs, but the backup drive wasn’t.
Related Articles and Sites: