Stolen UCCS laptop sets student notification process in motion
University of Colorado at Colorado Springs information security officials recently notified 766 former students that a faculty member's laptop was stolen, and that the computer may have contained personal information such as names, grades and e-mail addresses. Of those notified, 241 learned that their Social Security numbers may have been stored on the laptop, too.
The laptop, which was stolen from the home of a UCCS faculty member during a suspected burglary, contained personal information for students who studied at UCCS between 2003 and 2009. UCCS police and information technology staff members are assisting Colorado Springs police in the investigation of the July 5 burglary. Two computers were stolen from the faculty member's home, police said.
Campus officials sent letters to affected students on July 23, advising them that the laptop contained class roster information such as names, student identity numbers, e-mail addresses, graduating year and grades for current and past students. No financial information was stored on the laptop.
However, officials said there is a possibility that Social Security numbers for 241 students enrolled before the summer of 2005 may have been stored on the laptop's hard drive. Beginning in 2005, UCCS stopped using Social Security numbers to identify students. University security officers said there is no indication that the theft has resulted in the unauthorized use of students' personal information. Even so, they are advising affected students to take steps to prevent identity theft.
Meanwhile, the mishap is providing CU security officers with the opportunity to remind faculty and staff on all four campuses of the importance of securing sensitive data stored on both desktop computers and laptops, smart phones, flash drives and other portable devices.
In addition to increasing campus awareness of the perils of not securing sensitive student and other information, UCCS will continue to work with all of the campus's departments to encrypt all identifiable personal data on university computers, said Jerry Wilson, the campus's executive director of information technology and chief technology officer.