[Vision2020] FW: UI Identity Alert

Saundra Lund sslund at roadrunner.com
Thu Jan 11 12:40:18 PST 2007


Visionaries:

This is the second time in under seven months we've been notified that
confidential information collected by the UI has been stolen, placing a
whole slew of people at risk for identity theft.  IMHO, that's not a very
good track record.  I see that they are just now taking some basic steps
that should -- IMHO -- have been taken long ago.

Very distressing  :-(


Saundra Lund
Moscow, ID

The only thing necessary for the triumph of evil is for good people to do
nothing.
- Edmund Burke

***** Original material contained herein is Copyright 2006, Saundra Lund.
Do not copy, forward, excerpt, or reproduce outside the Vision 2020 forum
without the express written permission of the author.*****

-----Original Message-----
From: Identity Alert [mailto:identityalert at uidaho.edu] 
Sent: Thursday, January 11, 2007 12:00 PM
Subject: UI Identity Alert

January 11, 2007


To Members of the University of Idaho Community,

I write to inform you of the recent theft of three desktop computers from
the University of Idaho Advancement Services office. The theft may have
compromised personal data of university alumni, donors, students and
employees. Please note, however, that at this time, we have no evidence that
your personal data has been misused because of the theft of these computers.

The theft occurred over the Thanksgiving holiday and the university
immediately reported the incident to law enforcement. At their request, to
help preserve the integrity of the investigation, the university has waited
to release information until given word to do so. We continue to cooperate
with the ongoing investigation by law enforcement authorities in an effort
to recover the stolen computers.

The university immediately launched an internal investigation to determine
the nature of the information on the computers. The investigation revealed
that six months prior to the theft the computer hard drives contained
datasets with names, addresses and Social Security numbers for approximately
70,000 individuals; they did not contain credit card or other personal
account information. As a precaution, the University of Idaho is making a
broad public notification about the computer theft to approximately 331,800
individuals. The larger number represents the total number of individuals
whose information may have been accessed by Advancement Services as part of
the office's work.

We deeply regret this incident and any worry or inconvenience it may cause,
but we want to assure you that the University of Idaho is strengthening its
processes for securing and storing sensitive data. The university is
following up its initial investigation with a complete review of its
electronic and physical security measures for Advancement Services and other
offices.

To assist you further, the University of Idaho has established a website
with additional information, including this public notice, answers to
frequently asked questions and links to other resources: 
www.identityalert.uidaho.edu. A companion telephone hotline is available at
(866) 351-1860.

We want to reassure you that we have no evidence that your personal
information has been misused due to the theft. We take our obligation to
safeguard personal information very seriously.

Sincerely,
Timothy P. White
President, University of Idaho


**** This is an automated email message. Please do not reply as this email
address is not monitored ***


PUBLIC NOTICE ENCLOSURE


How can I tell if my personal information has been compromised?

There is no evidence at this point to indicate that any information on 
the stolen computer hard drives has been accessed or used illegally. 
What the university's investigation has revealed is that-as of six 
months prior to the theft-the computer hard drives contained datasets 
with names, addresses and Social Security numbers for approximately 
70,000 individuals.

Only if the computers are recovered could we confirm whether the 
information for those 70,000 individuals was still on the computers, 
whether the computer hard drives held personal information for 
additional persons or whether any information on the computers had been 
accessed. Law enforcement efforts remain underway to recover the computers.


I haven't noticed any unusual activity on my accounts. What can I do to 
protect my personal information?

1. You should consider placing a fraud alert on your credit file. A 
fraud alert lets creditors know to contact you before any new accounts 
are opened in your name. Simply call any one of three credit reporting 
agencies listed below. The one call will let you automatically place a 
free fraud alert with all three of the agencies. Those agencies will 
then send you a letter with instructions for how to receive a free copy 
of your credit report from each agency.

Equifax: 1-800-525-6285 or www.equifax.com
Experian: 1-888-EXPERIAN (397-3742) or www.experian.com
TransUnion: 1-800-680-7289 or www.transunion.com

2. You should request a free credit report through one of the credit 
agencies or visit the Annual Credit Report Request Service on the Web at 
www.annualcreditreport.com.

3. If you do find suspicious activity on your credit reports, call the 
Latah County Sheriff at (208) 882-2216 to file a report of identity 
theft and contact the credit companies listed above. Get a copy of the 
police report, since you may be asked to provide a copy, along with 
other documentation, to help explain any issue with your records. More 
information about identity theft is available through the Federal Trade 
Commission's website: www.consumer.gov/idtheft.

4. Because Social Security numbers may be involved, we also recommend 
that you monitor your Social Security statement. The Social Security 
Administration website at www.ssa.gov/pubs/10064.html will explain how 
to address possible misuse of your social security number and how to 
review your statement.


What is the University of Idaho doing in response to this incident?

The university has taken immediate steps to investigate the nature of 
the data contained on the stolen computers, to notify individuals who 
may be affected, and to assess and improve upon its internal physical 
and electronic security.

As a precaution, the University of Idaho is making a broad public 
notification about the computer theft to approximately 331,800 
individuals. The larger number represents the total number of 
individuals whose information may have been accessed by Advancement 
Services as part of the office's work at the university.

The University of Idaho is following up its initial investigation with a 
complete review of its electronic and physical security measures for the 
Advancement Services and other offices. Among the other immediate steps 
being taken by the university: removing sensitive information from 
specific computing devices; installing encryption software on desktop 
and laptop systems that access sensitive information; enhancing physical 
and electronic security; and improving data management protocols


Where can I get more information?

Visit the university's resource website: www.identityalert.uidaho.edu or 
call the Identity Alert hotline at (866) 351-1860.


**** This is an automated email message. Please do not reply as this 
email address is not monitored ***





More information about the Vision2020 mailing list