By Erin Dostal
The Daily Northwestern
A laptop containing the Social Security numbers of Northwestern students
and alumni was stolen in late April from an employee in the Financial
Aid Office on the Chicago Campus.
"A letter has been sent to all of those students whose data may have
been accessed," said Alan Cubbage, vice president for university
relations. "There is no indication at this point that anyone's data has
Letters warning potential victims of the security breach were sent out
about 10 days ago, Cubbage said.
Because the laptop was stolen from a Chicago Campus employee, law and
medical students are the most affected, Cubbage said.
This is not the first breach of sensitive NU data. In May 2006, hackers
from outside the university accessed records containing the personal
information of about 17,000 NU alumni, students and faculty.
Thomas Gersic, who earned a master's degree from NU's School of Music in
2005, received the letter sent about two weeks ago. He said he wished NU
would be more careful with sensitive personal information.
"I was very upset about it," Gersic said. "I think that they had the
ample opportunity to learn from their mistakes and make some changes,
and they didn't."
Cubbage said the 2006 incident raised different issues than the more
"This is a very different set of circumstances," Cubbage said. "(This
time) an employee had her laptop stolen, which is the first time that
happened, at least with any kind of data like this on it."
Gersic said the letter sent out by NU officials suggested that potential
victims seek help from fraud departments of credit bureaus or go to the
Federal Trade Commission's Web site for more information. He said he had
already filed a fraud report.
Gersic started a Web site, www.northwesternprivacy.com, to petition
administrators to tighten their data security policies.
"I want two things," he said. "I think that they should provide credit
monitoring to those who are affected and that policy should be changed
so they're not storing Social Security numbers on unencrypted, unlocked
"Social Security numbers should only be kept in a centralized server,
encrypted and in a locked room."
Cubbage said that in cases like this, it is often the piece of equipment
the thief wants, not the information on it.
A police report has been filed with the Chicago Police Department.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com