[ISN] UCLA laptop theft exposes ID info

[InfoSec News]

http://zdnet.com.com/2100-1105-5230662.html

By David Becker 
CNET News.com
June 10, 2004

Representatives of the University of California, Los Angeles, are 
warning 145,000 blood donors they could be at risk for identity theft 
due to a stolen university laptop. 

UCLA's Blood and Platelet Center included the advisory in a letter 
sent last week to all who donated blood through the organization. 

Thieves broke into a locked van last November and grabbed a laptop 
with a database that includes names, birth dates and Social Security 
numbers for all blood donors, according to a university statement. The 
database did not include medical information other than blood type, 
according to the statement, and university officials did not recognize 
the significance of the loss and the potential for identity theft 
until the matter came up in a security audit last month. 

"We deeply regret any inconvenience this incident may cause our blood 
donors," Dr. Priscilla I. Figueroa, director of the university's 
Division of Transfusion Medicine, said in the statement. "We hope and 
trust that they will continue participating in our blood drives and 
making these lifesaving donations." 

The database was password-protected but not encrypted, according to 
the statement, which said the university was reviewing data security 
policies in light of the incident. 

Los Angeles police are investigating the theft, according to the 
university, and there is no evidence yet that information in the 
database has been retrieved or misused. 

University representatives said in a follow-up statement that a second 
laptop was stolen two weeks ago from the financial office of the 
University's health care division, putting personal information for an 
additional 62,000 patients at risk. 

Widespread use of laptops has presented an increasing risk for 
security theft, with lost or stolen devices potentially exposing data 
ranging from FBI secrets to tax records in recent years.