<![CDATA[[SecurityRatty] tag: georgetown]]> http://securityratty.com/tag/georgetown Thu, 15 Feb 2007 19:07:35 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Data breaches probed at Blue Cross, Georgetown]]> http://securityratty.com/article/09596c8c5881af3d1decf09ea9769285 http://securityratty.com/article/09596c8c5881af3d1decf09ea9769285 Wed, 30 Jan 2008 21:00:00 +0000 portable storage devices malicious attackers similar measures data laptops lot attention lag companies Data breaches probed at Blue Cross, Georgetown <![CDATA[External hard drive stolen from Georgetown University]]> http://securityratty.com/article/8caf9228f38a53b96786fc9c086723f4 http://securityratty.com/article/8caf9228f38a53b96786fc9c086723f4 Security Breach

Date Reported:
1/29/08

Organization:
Georgetown University

Contractor/Consultant/Branch:
None

Victims:
Current and former students, faculty and staff from 1998 to 2006

Number Affected:
about 38,000*

*About 7,700 of the affected people are current students, 26,000 are Georgetown alumni, and 600 are current or former faculty and staff

Types of Data:
Names and Social Security numbers

Breach Description:
An external computer hard drive was reported stolen from a locked office within the Office of Student Affairs in the Leavey Center on the Main Campus on January 3, 2008.  The hard drive contained sensitive personal information belonging to current and former students, faculty and staff.

Reference URL:
Georgetown University Press Release
NBC Channel 4 News story
ABC Channel 7 News story

Report Credit:
Georgetown University

Response:
From the online sources cited above:

Georgetown University today began notifying approximately 38,000 current and former students, faculty and staff that a recent computer theft may have exposed their personally identifiable information such as name and social security numbers.

An external computer hard drive was reported stolen from a locked office within the Office of Student Affairs in the Leavey Center on the Main Campus on January 3, 2008. Georgetown’s Department of Public Safety responded to scene and the incident remains under investigation by the District of Columbia Metropolitan Police Department.

Georgetown has also notified the U.S. Secret Service about this incident so that they may follow up as they determine appropriate.

A thorough internal investigation of the hard drive data has now determined that it included personally identifiable information for students enrolled and some faculty and staff from 1998 through 2006.
[Evan] Storing this much sensitive information on a mobile drive without encryption poses a significant, but unnecessary risk.

This incident is limited to this one hard drive and does not extend to other University systems and services where personal data may be stored or updated.
[Evan] One lost of stolen hard drive is enough in this case.

Of the impacted individuals, approximately 7,700 are current students from the Main, Medical and Law Center campuses, 26,000 are Georgetown alumni, and 600 are current or former faculty and staff, with the balance having a combination of multiple student, staff, or other affiliations.

At this time Georgetown has no evidence that personal data have been misused.

However, as a precaution, Georgetown is making every reasonable effort to notify all individuals whose personal information may have been exposed as a result of this theft and encouraging them to place a fraud alert on their credit reporting accounts.

In addition to mailings, Georgetown will be providing free credit monitoring to affected individuals, will hold campus information sessions and has established a toll free telephone number (1-866-740-2458) and a website (identity.georgetown.edu) to provide information and answer specific questions.

Commentary:
This is another case of lost or stolen mobile media with personal information WITHOUT encryption.  Even though the hard drive was in a locked office, the mobility of the media and sensitivity of the information made physical security a moot point in this breach.

There are numerous better ways to store confidential information.

Past Breaches:
Unknown

]]> Tue, 29 Jan 2008 12:54:12 +0000 sensitive personal information personal information georgetown georgetown university hard drive information georgetown alumni personal data data External hard drive stolen from Georgetown University <![CDATA[Show 011 - An Interview with Dorothy Denning]]> http://securityratty.com/article/be5d01c0b4aa985d9fa1be89ecbaef2c http://securityratty.com/article/be5d01c0b4aa985d9fa1be89ecbaef2c Dorothy Denning

On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Postgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University. Gary and Dorothy discuss Dorothy’s involvement in the Clipper Chip controversy (which earned Dorothy the moniker “clipper chick”), the concept of geo-encryption, and a famous 1990 paper she wrote describing a series of interviews with malicious hackers.

]]> Thu, 15 Feb 2007 19:07:35 +0000 dorothy clipper chip clipper chip controversy moniker clipper chick clipper chick malicious hackers gary talks sur power walk professor Show 011 - An Interview with Dorothy Denning