Loss of card leads to potential identity theft.
From: Frank Butler, Executive Vice President for Finance and Administration
Cc: Bcc: Bradley Jay Luttrell
Date: 06/16/06 04:00 pm
Subject: Report on Theft of Personal Data
This afternoon, the university began mailing 6,500 current and formerstudents whose personal information may have been contained on afaculty member's computer drive that was stolen.I wanted to inform you about the incident and briefly discuss what stepswe are taking as an institution to mitigate the potential impact aswell as do everything possible to minimize future occurrences.
This incident was reported to UK police on May 26. A faculty member inthe School of Human Environmental Sciences reported that a "thumbdrive" - a small, detachable computer drive - was taken from aclassroom. The faculty member believes the drive may have containedclassroom rosters and personal data of students.It is impossible to tell how many students may have been impacted bythis theft.
The thumb drive, which contained more than 130 files, didnot match up completely with the professor's computer hard drive, whichhad class rosters and other information dating back to 1988. So, wehave decided to take the most cautious and conservative route andattempt to contact every student who was listed in some way on theprofessor's hard drive in his office.
First, this is a regrettable incident and we are deeply sorry that ithas occurred. We are doing everything possible to alert students andformer students who may have been impacted and provide them withinformation about how they can respond.
We believe that in the future the potential for such incidents will begreatly minimized as our new technology and information system - IRIS,the Integrated Resource Information System - is fully implemented. Inall, the university will have invested some $60 million in thistechnology upgrade.
The bottom line is that under IRIS, the use of Social Security numberswill be greatly reduced. As many of you know, students, faculty andstaff are assigned individual and unique identification numbers - not their Social Security numbers - to be used for class rosters, trainingand other campus activities.
Second, we are communicating with the campus about steps that can betaken in the short term to minimize the potential for additionalexposure or breaches of confidential information. Those steps include:
1) Our Information Technology (IT) department is conducting acomprehensive scan across the campus to determine where there areSocial Security numbers in use that might be publicly exposed in somemanner.
2) Additionally, as precautionary measures, IT advises: 1) a routinereview of credit card(s) and banking/financial institution(s)statements for any suspicious and/or unauthorized activity. 2) annuallyrequest a free copy of credit reports. You may do so by contacting aconsolidated credit report provider, such as AnnualCreditReport.comeither online at http://www.annualcreditreport.com or by calling1-877-322-8228. (3) review Web site on identity theft:http://www.consumer.gov/idtheft/
Third, and finally, we are forming a committee - composed of informationtechnology, legal and human resources staff - to examine the use andsecurity of Social Security numbers and make recommendations to betterensure that such information is safeguarded in the future.
We are not alone in this challenge. Since last year, 67 majoruniversities have reported extensive security breaches in one form oranother - many involving far more people than the incidents that haveoccurred at UK.
In an age and time in which vast amounts of information are continuouslystored and moved quickly and freely, we must take every step possibleto mitigate potential exposure and protect the confidentiality of ourstudents, faculty and staff.
At UK, we realize the anxiety and concern that such incidents cause. Weare moving quickly to minimize any negative impacts. As importantly, weare cting quickly and thoughtfully to ensure that we have systems andprocesses in place that limit such occurrences in the future.
EVPFinance and Administration