One Stolen Laptop Leads to Personal Data Risk for Nearly 100,000 at UC Berkeley - 1,343 Views, 2 Comments
|
Previous Article « Wifi Chips Used for Tracking Location of Assets
Read Next Article » The Once and Future Spam King: Scott Richter Files Bankruptcy on Microsoft, But Don’t Count Him Out Yet
Quick, what would you say is the most obvious way for data to end up in the wrong hands? If you said “having the laptop on which it resides stolen”, give yourself a pat on the back. Now quick, what is one of the most preventable forms of data theft? If you said “having the laptop on which it resides stolen”, give yourself another pat on the back. You’re obviously much smarter than those in charge at U.C. Berkeley. More on that after the following rant. It is just plain stupid, some would even argue negligent, to allow a laptop to be stolen! And yet daily, across the country and around the world, there can be no doubt that hundreds - perhaps even thousands - of laptops containing corporate and even sensitive information, are left unguarded in coffee shops, airports and hotels, to name but a few places. It’s bad enough that people don’t take care to ensure that strangers can’t read their laptops over their shoulder when they are working in a public place on sensitive data. But to walk away from that laptop while you go to get another Double Decaf Vente Brainchillacino is just..at the risk of sounding redundant..stupid. And let’s be real - it isn’t just public places which harbour people ready to steal your data given half an opportunity. Case in point: didn’t we just learn about people who gleefully hacked in to the admissions data for some of the top business schools in the country? And about other universities which have recently had their students’ personal data compromised? Well, not to be outdone, U.C. Berkeley - always a school game for one upmanship - managed to let a miscreant lift a single laptop which contained 98,000 records of graduate students and graduate program applicants. As much as three decades worth of such data, all sitting on a single laptop. Correction: a single, unattended laptop. Ouch. According to a statement made by U.C. Berkeley, “The computer was stolen March 11, 2005, when an individual entered a restricted area of the Graduate Division that was momentarily unoccupied.” “Momentarily unoccupied.” Like the brain cavity of the person responsible for keeping the data secure. They then go on to reassure that “We have taken immediate steps to increase our security against thefts and break-ins, and to ensure that our computers and databases are secure.” Oh good. I know that if I were a U.C. Berkeley graduate student, alumni, or applicant, I’d feel much better. Wouldn’t you?
Follow Anne on
Twitter 
Friend Anne on Facebook
One Stolen Laptop Leads to Personal Data Risk for Nearly 100,000 at UC Berkeley
Twitter Explained in Plain English
Previous Article « Wifi Chips Used for Tracking Location of Assets
Read Next Article » The Once and Future Spam King: Scott Richter Files Bankruptcy on Microsoft, But Don’t Count Him Out Yet
Read more:
» Laptop Stolen and Compromising Data of Nearly 100,000 Alum from U.C. Berkeley Recovered
» Lawsuit Filed Against CardSystems Over Hack and Leak
» Help Wanted: Hack Our One $100 2B1 Laptop Per Child Laptop
» Biggest Bank Breach Beleaguers Bank of America, Others
For additional similar stories check out our archives on Security
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
Quote:
“We have taken immediate steps to increase our security against thefts and break-ins, and to ensure that our computers and databases are secure.�
So they mean the restricted area now has a chain across the doorway in addition to the sign that says “Restricted Personnel only”.
Comment by ZacOz — 4/1/2005 @ 12:19 am
I was on that computer. The kicker is that I have a UC Berkeley student number. They did not have to use my social security number to ID my files. So in addition to lack of secure facility, lack of encryption there was lack of “need to know.” And when I phoned the attitude was “We don’t care, we don’t have to”
Comment by Dean — 4/13/2005 @ 1:28 pm