Cornell Security Breach Leaves 45,000 at Risk of Identity Theft

Dave_Berry · 06-24-2009, 01:08 PM

This afternoon, Cornell alerted over 45,000 current and former members of the University community that their confidential personal information — including name and social security number — had been leaked when a University-owned computer was stolen.

Security Breach Leaves 45,000 at Risk of Identity Theft | The Cornell Daily Sun

tokenadult · 06-24-2009, 01:24 PM

Quote:

Originally Posted by Cornell Daily Sun

The files storing the sensitive information were being stored on a computer that was not physically secure, violating University policy and subjecting the computer to theft.

No Cornell employee should ever have put the files there. That's very bad security practice.

JBVirtuoso · 06-24-2009, 06:02 PM

Yeah, well, 20/20 hindsight. I'm glad that institutions and governments are always quick to inform the public about these events, as it makes other entities more aware of future security threats.

I think that after a while here, we'll all have our social security numbers leaked. I know that some huge state databases were leaked in Ohio, and I've heard little about identity theft from that.

RedDagger · 06-24-2009, 08:04 PM

Yeah.. So I definitely got an email from Cornell yesterday notifying me that my information was on that computer.. They did however offer a very sincere apology, as a consolation...FML

CoolCalculator · 06-24-2009, 09:32 PM

what did the email say?

SVMMom · 06-24-2009, 09:56 PM

Does this include applicants that were not accepted this year? They had all of the applicants info and put it into the system, don't know if it is then perged. My D has a guaranteed transfer, does this mean her info is still in the system?

RedDagger · 06-24-2009, 11:17 PM

Cool:

Dear Current or Former Member of the Cornell Community:

Last week, we learned that a Cornell-owned computer that was stolen
earlier this month contained your name and Social Security Number.
Please accept our most sincere apologies for this unfortunate event.

In order to inform you of this situation as quickly as possible, we
are sending you this email in advance of a formal notification via
U.S. mail.

The official letter will detail the services that Cornell is offering
you, at our expense, in response to this incident. There will also
be a toll-free number you can call for additional information and
assistance.

In the meanwhile, we urge you to visit a web site we have created
with frequently asked questions (an FAQ) about this situation and
some steps you can take yourself:

Cornell University - CUinfo - June 2009 Data Theft - Frequently Asked Questions

We will be updating this web page as more information becomes
available. It is, however, the official notification letter that
will contain the details about activating the services Cornell is
making available and whom you can contact with any questions or
concerns.

This incident underscores the need for ever more vigilant security
processes. Cornell University is committed to maintaining the
privacy of individuals' personal information and takes many
precautions to ensure its security. In response to incidents of
theft like this one, and the increasing number of Internet-enabled
computer attacks, the University is continually improving its systems
and practices.

Once again, please accept our apologies for this incident. We deeply
regret any inconvenience it may cause.

Thank you.

Polley A. McClure
Vice President for Information Technologies
Cornell University

Steven J. Schuster
Director, IT Security Office
Cornell Information Technologies

SVM, I would think this could possibly affect your D, but I'm not sure. They stated that they have sent an email to EVERYONE that this affects, so I would have your D maybe check her email, and if something doesn't come in the mail pertaining to it in the next week or two, I would think you're off the hook.

vivace13 · 06-25-2009, 12:14 AM

The FAQs on CUinfo are helpful. If you did not receive an email, you are ok.

screwitlah · 06-26-2009, 01:39 AM

lol what sort of computer stores ONLY name and SSN? Why not the whole lot, addresses, telephone numbers, dates of birth, etc? Is there something Cornell's not telling us? Note that the spokesman said:

"Moss said that the data on the laptop contained “no other sensitive data elements” besides names and social security numbers "

Maybe other personal data were lost but they deemed it not "sensitive"?

toadstool · 06-26-2009, 08:51 AM

Which means that if one can use FAFSA to access IRS records, the total tax history of 45,000 people just became public record.

Tax data should not be a push button away from anyone with with a name and SS# who creates an account on FAFSA!