No reports of suspected incidents of identity theft have been made following the theft of a College-owned laptop computer from a faculty member’s office. (For information about the Feb. 28 theft go to http://www.mscd.edu/~collcom/artman/publish/laptopmarch07_twv4030207.shtml).
So far, there have been 46 contacts from concerned current and former students made through either the toll-free number, 1-866-737-6622, operated by Business Controls Inc. or the Web site managed by the College’s Office of College Communications, www.mscd.edu/securityalert/.
The announcement about the theft was made Friday, March 2, and was made to the local media as well as through a personal e-mail announcement to students, an e-mail from President Stephen Jordan to all faculty and staff, a Special Edition of @Metro and a posting on Today @Metro on MetroConnect.
On Monday a letter from Jordan was sent to each of the 988 students whose names and Social Security numbers were on the stolen laptop, advising them of the theft and encouraging them to place a fraud alert on their credit report.
In his e-mail to faculty and staff, Jordan said that following last spring’s theft of a laptop from an employee’s home, it was mandated that all College reports or studies that access private student information, including Social Security numbers, were to be approved through the President’s Office.
At that time, the College contracted with Business Controls Inc. (BCI) to identify the critical areas of exposure and the steps needed to tighten system security.
Interim Vice President of Information Technology George Middlemist lists several steps the College has taken since BCI’s spring 2006 audit, including:
• Building a two-year Security Improvement Project, MetroProtect: Secure IT, which identified 359 security tasks, 108 of which have been completed and 45 that are underway.
• Began scanning all College-owned laptops in October 2006. To date, 25 percent of 400 laptops have been scanned and encrypted, starting with those laptops with the highest probability of containing sensitive information (Social Security and credit card numbers), such as those used by the Controller, Financial Aid and Human Resources. IT is currently scanning and encrypting 10 laptops a week.
• Restricted access to sensitive information to a limited number of authorized personnel.
• Implemented the College’s first student and employee password policy.
•Management Banner has been revamped so that College personnel can no longer print out Social Security numbers and the SSN field has been eliminated in areas where it’s not needed.
•So-called “outward facing” Web sites--those that can be viewed by the public--have been audited and secured so skilled computer hacks can't tunnel into secure sites.
In addition, two weeks ago the President’s Cabinet approved a policy that Metro State personnel are not allowed to save Social Security or credit card data to laptop computers, PDAs, Smart Phones, USB drives, CD/DVDs or diskettes. (See http://www.mscd.edu/~collcom/artman/publish/metroprotect_twv4022807.shtml.)
Jordan concluded that all Metro State employees are responsible for protecting the privacy of student information and asked that everyone adhere to College policy and work with IT on removing any personal student data from your system.
