Students, faculty, and staff at seven campuses of the California State University (CSU) system are at risk for identity theft after a hardware technician improperly disposed of a computer hard drive with unencrypted database tables that included Social Security numbers and other personal details. The CSU is required, under California law, to notify all affected parties.
The law, which went into effect last year, requires notification whenever personal data, such as Social Security numbers, driver’s license numbers or credit card numbers (with identification numbers) have been accessed without authority.
The university system’s hard drive has been missing since Friday, June 25th. The technician left the drive laying on a worktable after upgrading the computer from which it came. In a rush to start the weekend, the drive wasn’t properly secured, and come Monday, there was no sign of it. The drive was most likely picked up by the evening cleaning crew; however, the results of a police investigation was inconclusive.
Hard disks, like portable media, must be completely destroyed before being discarded. Using a security data deletion (wiping ) program such one that comes with the PGP data security program, would have prevented the data being recovered, even if the drive were reused.
Call for Comments
What do you think? Leave your comments below.