Laptop theft compromises information of 8300 campus community members

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.pepperdine-graphic.com/headline/laptop-theft-compromises-information-of-8300-campus-community-members/

President Andrew K. Benton sent an email today informing the
university community that a laptop computer belonging to an authorized
university employee was stolen from that individual’s car. This laptop
had been used extensively in work related to the IRS, “and it
contained data dating back to 2008 involving as many as 8300
Pepperdine campus community members.” Approximately 75 percent of
these names belong to students.

The theft was reported to local law enforcement, and Pepperdine
immediately launched its own investigation into the matter.

While it is possible that the thief was solely looking for the laptop,
“we must prepare for the worst case scenario,” Benton wrote.
Pepperdine’s Chief Information Officer, Jonathan See, will send out a
more specific advisory within the next few days.

The laptop was not encrypted, according to Benton, and confidential
information stored on an unencrypted computer is subject to a
confidential information breach. The university is committed to
protecting the information of all community members and assures
members that this will not happen again.

In response to the potential loss of confidential institutional data,
Benton wrote that the university realizes that it needs to review its
policies related to technology, data storage and the reality of
increasingly sophisticated crime.

Pepperdine officials have identified all names that may be exposed,
and have created a tailored program to respond to this security
breach. The university has contacted identify theft experts to respond
as quickly and as accurately as possible. Very soon information will
be directed to each one of the 8300 individuals whose security has
been compromised.

Benton wrote on Dec. 7:

“I am writing merely to say that I am sorry this happened. I am also
sobered by the reality of losses like this that are certainly not
inevitable, but are not uncommon. The most important thing we can do
right now is to communicate what we know, and also to give timely and
thorough information to those individuals who have been impacted.

“We will learn something from this loss, and we will support those who
experience any impact from it.”
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.