Loyola University has slowly pulled itself out of the financial trouble it struggled through during the 1990s.  With increased revenue to create new construction on its campuses, the last thing that the university needed was any sort of negative attention in the media.  Unfortunately, this is the situation that they now find themselves in after creating a data breach of their own making.  In a way quite different from a lapse in network security or having private information stored on a flash drive, Loyola simply threw out a hard drive that had not been erased.  Contained on the hard drive were the names, addresses, and social security numbers of 5,800 students.

The desk top computer was scheduled to be destroyed and replaced with a newer model.  One of the steps in the decommissioning process was to copy the contents of the hard drive over to the new machine and then delete the information stored on the old one.  This, however, was not the case.  No one realized the error until after the desk top had been discarded.  There has been no word on whether or not the company that took the old machine destroyed it or not.  A spokeswoman for the university, Susan Malisch, said that there was little chance that any of the sensitive information was accessed by anyone else.

Nevertheless, Malisch recommended that students be vigilant in watching their credit reports.  She said that the university will provide a year’s worth of free credit monitoring.  These types of subscription based ID theft services have become popular in recent years, with Lifelock holding a large share of the market.  The company maintains contacts at Equifax, Trans Union, and Experian.  Whenever a new credit card or loan application is processed through a bureau, Lifelock contacts its customer to make sure that they are the one actually filing the paperwork.  If it the person is not involved, the application is stopped and noted as fraudulent activity.

Most of the 5,600 students were undergraduates, although there was information about a few graduate students also contained on the hard drive.  Letters were sent out to all affected students alerting them about the free credit monitoring services and other steps they should take to protect themselves.  Loyola has said that it will review all of its policies and procedures regarding electronic storage to make sure that future breaches of this type do not take place.  There is a discussion about whether or not an outside consulting company should be brought in to review the policies or if an internal audit will catch all the flaws in the current system.  The computer that was discarded was being used by the Information Technology Services Department when it was designated for replacement.

Tags: lifelock, Loyola University

This entry was posted on Friday, August 29th, 2008 at 12:26 pm and is filed under Individuals, School Breaches. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.