Stanford alerts employees that stolen laptop had personal data
Stanford University determined yesterday that a university laptop, which was recently stolen, contained confidential personnel data. The university is not disclosing details about the theft as an investigation is under way.
The university is sending e-mails and letters to current and former employees whose personal information may be at risk, as well as posting information at http://www.stanford.edu/privacy, and notifying the media. Officials estimate that the problem could extend to as many as 60,000 people currently or previously employed by Stanford.
While the university has rigorous policies and guidelines designed to protect confidential information, events such as this demonstrate the need for heightened vigilance in this area. To that end, Vice President for Business Affairs and Chief Financial Officer Randy Livingston will lead a task force to review policies and practices regarding the safety and security of sensitive data.
Livingston said: “The university has guidelines that prohibit keeping sensitive information on unsecured computers. This effort will be redoubled after this incident.”
The message sent from Livingston to past and current Stanford employees is below.
June 6, 2008
Dear Stanford Community Member:
I’m extremely disappointed to let you know that a Stanford laptop, which contained confidential personnel information, was recently stolen. This matter has been reported to law enforcement.
In working to identify the information that was on the machine, yesterday we discovered that it had personnel records of current and former Stanford employees hired before September 28, 2007. Although you personally may not be affected, we are sending this email to everyone in the Stanford community.
We believe that the perpetrator of the crime was not seeking the records on the computer or even aware of them. Often, such thefts are property crimes in which the laptop’s hard drive is erased before the laptop is resold. While there is no evidence that any of the information on the stolen laptop has been accessed, the University is committed to taking steps to assist individuals whose personal data may be misused.
Stanford works very hard to secure the sensitive data entrusted to it by current and former faculty and staff. We are currently assessing appropriate steps to increase protection of this information. For additional information, see http://www.stanford.edu/privacy/faq. We sincerely apologize for this incident.
With deepest regrets,
Vice President for Business Affairs and Chief Financial Officer