WASHINGTON – Nearly 40,000 students, alumni, faculty and staff at Georgetown University have been potentially exposed to identity theft after a hard drive containing their Social Security numbers was stolen from the office of student affairs on Jan. 3.
According to Vice President and Chief Information Officer for University Information Services David Lambert, the stolen hard drive was used to back up a computer that contained billing information for a number of student services, including student health care insurance.
Lambert was unsure if the hard drive was protected by a password. He added that the drive was not encrypted, which could result in unauthorized groups acquiring important information.
The university discovered the missing hard drive after employees returned to work after winter break. The school immediately contacted the Metropolitan Police Department, Department of Public Safety and the U.S. Secret Service. The drive had been locked inside Senior Business Manager for Student Affairs Lynne Hirschfeld’s office. The police report said the drive was taken sometime after Dec. 21.
The files in jeopardy include information about undergraduate students enrolled from 1998 through mid-2006. The files also include records on postgraduates enrolled during the same time period that were assessed financial transactions between the main campuses. Approximately 7,700 students out of 14,000 (55 percent) had their personal information on the missing hard drive. Additionally, around 25,000 alumni also had stored information.
The university will begin notifying students and alumni whose records have been compromised with a letter explaining the incident. The letter will also advise recipients to call a toll-free number provided by the university to confirm whether or not their Social Security numbers were released and what steps they can take to protect their identities. In addition, the university will answer individual questions during information sessions that will be held on campus.
A similar problem occurred in March 2006 when an attack on a server ran the risk of exposing the names, birthdates and Social Security numbers of approximately 41,000 elderly area residents whose information was kept for research. The university handled the situation in a similar fashion, such as a hotline and letters, to alert those involved.
In 1999, the school assigned GOCard numbers and NetIDs to students and faculty to prevent the use of Social Security numbers.
Currently, no suspects have been identified. According to the police report, the hard drive was valued at $100. Police are unsure whether the drive was taken for monetary purposes.