KSU faculty affected by stolen computer

Andrew Hampp

A laptop containing files including the Social Security numbers of 1,400 Kent State full-time faculty members was stolen June 12 from the Wal-Mart parking lot of the Severance Center in Cleveland Heights.

No student information was included.

The Cleveland Heights Police report identified the person who reported the laptop’s theft as Alvin Evans, who is associate vice president of human resources at Kent State. Among other duties, Evans is responsible for negotiating and bargaining with union employees, said Greg Seibert, director of security and compliance.

The university is now in contract talks with the American Association of University Professors, the union representing the faculty, and the American Federation of State, County and Municipal Employees, which represents university maintenance and food-service employees.

The laptop’s files dated back to 2001, so some of the faculty listed were no longer employed by the university, Seibert said. Of Kent State’s 5,000 employees, 1,400 faculty members account for nearly one-third of the university’s staff.

Cheryl Casper, AAUP President and economics professor, said the union has been contacted by a lot of concerned faculty members.

She said they have contacted the university to see about policies for handling sensitive data.

“If employees are going to use laptops, make sure they do so in a responsible way,” Casper said.

“I understand there may be circumstances where a university employee may be working on a university database away from campus, but leaving it in a car is questionable judgement.”

The theft was brought to Seibert’s attention June 13, and the police report was filed with the Cleveland Heights Police Department June 14. Letters to affected faculty members, advising them to place fraud alerts on their Social Security numbers, were drafted Wednesday, generated Thursday and mailed Friday, the day the university officially announced the laptop’s theft.

“Compared to a lot of our peers, that’s pretty speedy,” Seibert said. “The university, to their credit, did a great job in getting that information out in three days.”

After recent reports of identity theft that affected about 5,000 people at Cleveland State and 100,000 at UC Berkeley, Seibert said he feels lucky that Kent State’s number is small by comparison.

“That’s still 1,400 too many,” he said.

Seibert said he knew what information was contained on the laptop based on disaster-recovery documents acquired by the Information Services department. He said the laptop was likely stolen for its resale value and for purposes unrelated to the private data.

“I doubt whoever stole it even knows the information was there,” he said. “There’s no reason to say anyone was negligent at all.”

The laptop required a password, but the employee information was not encrypted.

“I think situations like this make us constantly look at our policies so Kent State’s information is protected,” said university spokesman Scott Rainone, who deferred most questions to Seibert.

Seibert said the Information Services department will now work even harder to improve the security of sensitive materials on university-owned laptops.

“We’re going to provide encryptions so anyone who has private data on a portable device is protected,” Seibert said. “We’re taking extra steps to let everyone know the university’s going to do everything they can.

“We take risks on a daily basis when we go driving. We have to unfortunately say there are some things we have to do, and that’s a risk we have to take.”

There are a limited number of officials at Kent State who have access to employees’ personal information, Seibert added. Some employees’ jobs require them to have this information readily accessible on a portable device they can take outside the workplace.

Evans could not be reached for comment.

Contact technology reporter Andrew Hampp at [email protected].