Officials believe stolen computers contained social security numbers

In light of recent burglaries of two academic offices, university officials are notifying students, faculty and instructors that files on four stolen computers are believed to contain sensitive identity information.

According to a press release delivered Friday by Scott Rainone, assistant director of media relations, the potential number of identities involved could be more than 100,000 over several years.

However, the information is not easily accessible, and officials believe the computers were targeted for their resale value, not for any information they contained. There is no indication at this time that any of the information has been used, according to the release.

In late August, two Dell computers and monitors belonging to secretaries were stolen from the dean of the College of Communication and Information’s office. Two Dell computers and four monitors were stolen from the dean of the College of Fine and Professional Arts’ office.

Information on the computers included a database the colleges use to plan commencement lists, class rolls, instructor assignments and other academic functions. Other information included names, social security numbers and, for students, grade information. No financial information was involved.

As of Friday, officials were in the process of notifying all students, alumni, faculty and staff that may have been affected. The Office of Security and Compliance sent an e-mail with detailed instructions for accessing free monitoring services, as provided for under recent federal law.

The e-mail asks the recipient to be aware of any unusual activity involving his or her credit account. It also lists the numbers of three main credit agencies that can provide a detailed personal credit assessment. They are:

ƒ_› Equifax – 1-800-525-6285

ƒ_› Experian – 1-888-397-3742

ƒ_› Trans Union – 1-800-680-7289

In situations involving university theft, there are a small number of cases where the perpetrator will utilize the information they have stolen, said Greg Seibert, director of security and compliance. These cases include people who don’t know how to use the information they have stolen, or exploit it.

If a thief knows of Web sites that will buy and sell identities, then it would be fairly easy to exploit the names he or she has stolen, but in most campus-theft situations, the thief is only interested in the value of the stolen merchandise, Seibert said .

Preventative measures

University officials are doing everything they can to prevent a similar situation, including reviewing data availability and data security, said Ed Mahon, vice president of information services.

Only those with a “need to know” will have access to any protected information, he said.

“Activities include a combination of heightening user awareness and hardening the information infrastructure,” Mahon said.

Replacing the use of social security numbers is another step the university has been taking for several years to ensure that identity theft does not happen at Kent State.

The university is assessing the costs and benefits of upgrading its core administrative system, Mahon said. It is also weighing the trade-offs associated with completely replacing the university’s core administrative systems to that of just replacing the use of social security numbers, he said.

“In parallel with assessing our core administrative systems, we have embarked upon a three-pronged approach to reducing our exposure to the loss of protected information,” Mahon said.

This three-pronged approach includes:

ƒ_› Developing a user-education campaign to heighten the awareness of the importance of taking protective measures to secure sensitive faculty and staff information.

ƒ_› Continuing to strengthen the university’s information technology infrastructure with increased use of industry-wide hardware and software products.

ƒ_› Expanding the use of university-wide acceptable-use policies. These include policies that will govern appropriate use of information on computers and will also let people know what the university’s policies and procedures entail.

ƒ_› There are millions of records and archives on paper that have to be examined and taken into consideration, Seibert said. The university has been taking steps for years to eliminate the use of social security numbers all together, and it is not a process that happens overnight, he said.

ƒ_› Those with questions can e-mail the Office of Security and Compliance at [email protected].

ƒ_› A police investigation of the crime is continuing. Anyone with information about the theft should contact Kent State Police at (330) 672-3070.

Contact safety reporter Angie Prosen at [email protected].