June 6, 2008
Stanford alerts employees that stolen laptop had personal data
Stanford University determined yesterday that a university laptop, which was recently stolen, contained confidential personnel data. The university is not disclosing details about the theft as an investigation is under way.
The university is sending e-mails and letters to current and former employees whose personal information may be at risk, as well as posting information on the Stanford homepage at: http://www.stanford.edu, and notifying the media. Officials estimate that the problem could extend to as many as 60,000 people currently or previously employed by Stanford.
While the university has rigorous policies and guidelines designed to protect confidential information, events such as this demonstrate the need for heightened vigilance in this area. To that end, Vice President for Business Affairs and Chief Financial Officer Randy Livingston will lead a task force to review policies and practices regarding the safety and security of sensitive data.
Livingston said: “The university has guidelines that prohibit keeping sensitive information on unsecured computers. This effort will be redoubled after this incident.”
The message sent from Livingston to past and current Stanford employees is below.
June 6, 2008
Dear Stanford Community Member:
I’m extremely disappointed to let you know that a Stanford laptop, which contained confidential personnel information, was recently stolen. This matter has been reported to law enforcement.
In working to identify the information that was on the machine, yesterday we discovered that it had personnel records of current and former Stanford employees hired before September 28, 2007. Although you personally may not be affected, we are sending this email to everyone in the Stanford community.
We believe that the perpetrator of the crime was not seeking the records on the computer or even aware of them. Often, such thefts are property crimes in which the laptop’s hard drive is erased before the laptop is resold. While there is no evidence that any of the information on the stolen laptop has been accessed, the University is committed to taking steps to assist individuals whose personal data may be misused.
Stanford works very hard to secure the sensitive data entrusted to it by current and former faculty and staff. We are currently assessing appropriate steps to increase protection of this information. For additional information, see below. We sincerely apologize for this incident.
With deepest regrets,
Vice President for Business Affairs and Chief Financial Officer
Q & A
WHO IS AFFECTED?
While we are still trying to assess the categories of affected individuals, you may be affected if you received any paycheck from Stanford before September 28, 2007; this group includes faculty, staff and students who have been employed by the University in any capacity. (If you were hired by Stanford after September 28, 2007, your data was not affected.)
WHAT DATA WAS ON THE LAPTOP?
Personal information may include some or all of the following:
- First and last name, gender, birthdate
- Business title and office location
- Work and home phone numbers
- Stanford ID card number and Stanford employee number
There are no driver’s license numbers, credit card numbers, bank account numbers or other financial information.
WHAT IS THE UNIVERSITY DOING?
Stanford is working with law enforcement to recover the laptop. Stanford has alerted HR and the Computer Help Desk about this incident, and will scrutinize any requests for changes to passwords or personnel profiles. Stanford is committed to working with our affected community members to prevent identity theft as a result of this crime.
WHAT DO I NEED TO KNOW TO PROTECT MYSELF?
Affected individuals should review the information provided by California’s Office of Security Information and Privacy Protection, and specifically you will want to take a look at the checklist of actions and protections at: http://www.oispp.ca.gov/consumer_privacy/consumer/documents/pdf/cis3english.pdf.
Some of the specific recommendations from that checklist include requesting a free credit report from one of the three major credit bureaus – Equifax, Experian, TransUnion and http://www.AnnualCreditReport.com or by calling 1(877) 322-8228. By law you are entitled to one free credit report annually.
Additionally, Stanford is committed to providing enhanced safeguards against identity theft for affected individuals, but in the short time since we have become aware of this incident, we have not finalized arrangements for these safeguards. We will have services in place next week and Stanford is committed to assuming this cost. Further information will be accessible through Stanford’s Home Page, http://www.stanford.edu, and kept updated as more information becomes available. Please remember that you can obtain a free credit report today, as described above.
WHAT OTHER IDENTITY THEFT RESOURCES ARE AVAILABLE?
Additional resources include:
HOW CAN I RECEIVE MORE INFORMATION?
You can call (650) 736-0099 and leave your contact information for a return call. You can also go to the Stanford home page for updates or email firstname.lastname@example.org with your full name and date of birth.