Three laptops containing the personal information of 1,400 Columbia affiliates were stolen Monday from university offices, administration sources tell Bwog.
Though details of the thefts are not yet being released, university officials confirm that Social Security numbers are among the sensitive data contained on the laptops. The computers were protected with passwords, but because the security of the laptops may have been breached, administrators are taking steps to inform affected undergraduates, alumni, employees, and prospective students about the incident via e-mail today. One undergraduate who received an email noted: “I’m not terribly surprised, given that it’s happened before, but at the same time, I can’t believe they let it happen again.”
“Because of the importance to affected individuals, I felt it was crucial that I, as dean, signed the letter,” Dean Michele Moody-Adams said to Bwog. “I take responsibility for ensuring that we respond effectively. An effective response requires strengthening the physical security of our spaces and continuing the process of encrypting data.”
Moody-Adams says the university has arranged for two years of credit monitoring for those individuals whose data was on the laptops. She adds that several other steps are being taken, including more encryption of sensitive information, establishing new security safeguards in administrative offices, and intensifying its scanning of computer equipment for security threats. An investigation into the thefts has also been opened by the NYPD, so details about how the thefts occured, what building the laptops were stolen from, and the exact number of affected undergraduates are not yet being revealed.
This is not the first breach of sensitive information for Columbia: Social Security numbers of some 5,000 Columbians were accidentally posted on publicly on a Google-hosted site accessible parts of the university’s Web site in February 2007. Student Services discovered the leak in June 2008, removing the sensitive data and offering credit monitoring services to those affected.
If you have been affected by this latest breach and wish to share your story, please contact the Editor (firstname.lastname@example.org). All efforts will be made to ensure your privacy, and to that end, Bwog will also be deleting comments that reveal personal information about anyone affected, including names, addresses, and UNIs. Updates and insight to come as information materializes.
@Anonymous How about something free, that works as well as lojack for laptops
@Anonymous The continued arrogance of Columbia (including the verbiage/weasel-wording, such as “…this unfortunate situation.” “We recommend that you…” that they used in their notification email/letter – btw sent ONLY to the minor students, not the legally responsible parents) is telling of their reckless disregard for the future of our best young people.
@Anonymous the solution is computrace(lojack for laptops) from absolute software http://www.absolute.com
@Depends on how smart the laptop thief is. It is easy to defeat laptop tracking if you know what you’re doing
@Columbia encourages students to electronically tag their laptops so that they can be tracked if stolen. Are we to presume that the administrative offices do not take the same precautions?
@As I recall, the very same type of breach occurred at the Veterans Administration a few years ago. Laptops were the culprit then as well.
@uh oh faahhhhkkk
@Anonymous Can we get some desktop computers please?
@Anonymous I am an incoming student. If I haven’t received the email, does that mean I’m not affected?
@Anonymous I found the answer on the Spec:
“Anyone who does not receive a letter or e-mail was unaffected by the break-in. Those who do receive the letters will be given more details on how to follow up, University officials said.”
@alum yay! another round of free credit checks for those affected!
@If I recall correctly, The credit monitoring company used last time was super-sketch, too.
@Refresher In the 2008 incident, the data was stored on a Google Docs sort of thing, not the university’s servers. I remember ’cause I was there!
@Eliza Got it, thanks!
@This is 2010 Nobody should be trusted with sensitive data if they can’t at least encrypt it. This is inexcusable.
@great one, CU best university in the world!