By Erin Dostal The Daily Northwestern
A laptop containing the Social Security numbers of Northwestern students and alumni was stolen in late April from an employee in the Financial Aid Office on the Chicago Campus.
“A letter has been sent to all of those students whose data may have been accessed,” said Alan Cubbage, vice president for university relations. “There is no indication at this point that anyone’s data has been accessed.”
Letters warning potential victims of the security breach were sent out about 10 days ago, Cubbage said.
Because the laptop was stolen from a Chicago Campus employee, law and medical students are the most affected, Cubbage said.
This is not the first breach of sensitive NU data. In May 2006, hackers from outside the university accessed records containing the personal information of about 17,000 NU alumni, students and faculty.
Thomas Gersic, who earned a master’s degree from NU’s School of Music in 2005, received the letter sent about two weeks ago. He said he wished NU would be more careful with sensitive personal information.
“I was very upset about it,” Gersic said. “I think that they had the ample opportunity to learn from their mistakes and make some changes, and they didn’t.”
Cubbage said the 2006 incident raised different issues than the more recent breach.
“This is a very different set of circumstances,” Cubbage said. “(This time) an employee had her laptop stolen, which is the first time that happened, at least with any kind of data like this on it.”
Gersic said the letter sent out by NU officials suggested that potential victims seek help from fraud departments of credit bureaus or go to the Federal Trade Commission’s Web site for more information. He said he had already filed a fraud report.
Gersic started a Web site, www.northwesternprivacy.com, to petition administrators to tighten their data security policies.
“I want two things,” he said. “I think that they should provide credit monitoring to those who are affected and that policy should be changed so they’re not storing Social Security numbers on unencrypted, unlocked computers.
“Social Security numbers should only be kept in a centralized server, encrypted and in a locked room.”
Cubbage said that in cases like this, it is often the piece of equipment the thief wants, not the information on it.
A police report has been filed with the Chicago Police Department.
Reach Erin Dostal at [email protected].