A password-protected laptop computer containing personal information for an estimated 2,500 or more current and former Indiana State University students was stolen during the weekend, the university reported Tuesday.
While there is no evidence to suggest that password security was breached, the university is taking the precaution of notifying all affected students for whom it has current contact information.
The laptop contained data for students who took economics classes from 1997 through the spring semester 2008, estimated at more than 2,500 individuals. The information includes names, grades, e-mail addresses and student identification numbers. Beginning in 2003, use of Social Security numbers as student ID numbers was discontinued in favor of university-specific identification numbers.
Students affected may wish to contact any credit bureau to request that a fraud alert be placed on their account.
The theft occurred Saturday while the professor was traveling in southern Indiana.
The incident was reported immediately to the appropriate police agency and early Monday to university officials.
The extent of the information contained on the computer was not determined until Monday night.
Faculty and staff are being reminded that university policy prohibits the storage of private, sensitive data on portable computers. In addition, laptops provided to faculty are equipped with several security measures including encryption and a bio-metric fingerprint reader to prevent access by anyone other than the assigned user. Adherence to existing policies will safeguard personal information.
When asked if the faculty member whose laptop was stolen had violated university policy, Dave Taylor, director of media relations, responded, "It would appear so."
Asked if the faculty member faced any consequences, Taylor said, .That issue has not been addressed . I think the immediate concern right now is to get the word out to students. whose personal information was on the laptop.
Also, the university "wants to make sure policies are followed in the future rather than try to point fingers at any individual," Taylor said.
ISU is in the process of contacting affected students "if we have up-to-date addresses or e-mail addresses," Taylor said.
Since the student data goes back to 1997, it's likely ISU won't have updated contact information in all cases. "That's where the news media comes in. By getting the word out, students and former students can be made aware of this," he said.
About 500 ISU faculty members have laptop computers. The university is reviewing its procedures to ensure compliance with existing policies, said Interim President Jack Maynard, the university's provost and vice president for academic affairs.
The university will post a list of frequently asked questions about the use of personal information and security procedures on its Web site.
When faculty return for the 2008-09 academic year, "I think academic affairs and the office of information technology will do everything they can to remind faculty of the policy" with regard to private, sensitive data on portable laptops, Taylor said.
He suggests it's "highly unlikely" the person who stole the computer would be aware of the type of information it stored.