
Georgetown's Data Breach: Following up in Slow Motion
February 23, 2008
From Georgetown Hoya and Privacy.org: An external hard drive containing the Social Security numbers of 38,000 Georgetown University students, faculty, and staff was stolen from the university’s Office of Student Affairs, according to The Hoya, the university’s student newspaper.
The hard drive contained billing information for student services, and included data on 7,700 current students — over half the current student body — as well as information on alumni from 1998 to 2006 and many faculty members. The hard drive, which turned up missing Jan. 3, was kept in the office of Lynn Hirschfield, senior business manager for student affairs, The Hoya said. It said the hard drive was not encrypted.
You’ve all seen the statistics, and heard about the tens of millions, even hundreds of millions of people being affected by events like this. At this pace, the law of averages says that it’s eventually got to hit close to home. For me it finally did. I taught at Georgetown in the early 90’s, while many friends and colleagues were studying and/or employed there through the 90’s.
When I heard the news on the radio, I remember wondering who, of all those I knew, would get dinged by this.
Finally, more than 7 weeks after the incident, a letter from Georgetown’s Information Security Office (dated the 8th of February) shows up in my mailbox. That means that either the print date was fudged, and/or it spent a considerable amount of time in D.C.’s postal system purgatory.
7 weeks, of which 2 may have been spent in transporting a letter as far as I can easily bike in 15 minutes and walk in an hour. That’s plenty of time for all kinds of untoward things to happen to one’s personal information on the open market.
Why, there oughta be a law… about the speed with which these incidents should be reported – by the officials involved, not by the student newspaper that broke the story while Georgetown’s administration played mum, 26 days after the fact.
To their credit however, Georgetown did do the one thing right – they’re covering the cost of fraud detection and protection. Oddly enough though, the deal they cut with the big 3 (Experian, et al.) doesn’t contain any mention of a credit freeze, just eternal diligence.
Close, but no cigar.