Security and Crime News
Staff Uneasy - Personal Information of 15,790 University of Northern Colorado Employees Missing
That anger turned to rage Friday when she discovered that her husband's identity is at risk as well.
UNC officials announced Friday that beneficiaries of current and former employees are also at risk of identity theft. The news could potentially double the number of affected persons to more than 30,000.
On Thursday, UNC announced the missing hard drive contained the personal information of 15,790 UNC employees dating back to April 1997.
"I think it's terrible it happened here," said Tasciotti, 61, who worked in the UNC College Transition Center until 2002. "The first job of an IT department is to preserve and protect the data and people's privacy. I do everything I can to protect my identity, and they should have taken it just as seriously."
Tasciotti and her husband, Ken Edwards, 52, of Greeley, were among some 200 annoyed, incensed and seething students, employees, former employees and spouses who attended Friday's meeting at the University Center. The mood at the event was distinctly different from the first meeting Thursday evening as people vented and grilled Norton.
Among the concerns were the time and inconvenience of changing bank accounts, university security, how this will affect credit reports, and the timing of the news.
"We think it's worse that it wasn't hacking," Edwards said. "To think that someone was so negligent with our information."
The UNC Police Department is conducting a criminal investigation for the hard drive, said UNC President Kay Norton. She acknowledged that it appears the hard drive has been taken and is not just missing.
"As times goes by, it becomes less probable that it was in fact misplaced," Norton told the attendees. "So we have to assume the worst."
Officials declined to divulge details about the hard drive, such as the brand and model, or how the information could be extracted, saying they don't want to compromise the investigation. They did say it couldn't be accessed with common hardware of software.
When questioned about the possibility that someone in the UNC Information Technologies department might be responsible, Norton declined comment, again citing the integrity of the investigation.
"They were some defensive comments made that would allude to that, but I have faith in the investigation," said Larry James, former director of campus recreation from 1970-2002. "The main thing that concerns me is the lack of security. How could something like this happen?"
Norton said the university will not reimburse employees for charges to change bank accounts, but she did say that local banks have indicated that they are providing account changes free of charge.
In other developments, UNC has contracted Business Controls Inc., a corporate consulting, investigative and training firm specializing in internal security and risk management, to assist in the investigation.
According to its Web site, the company has "assisted thousands of companies in reducing costs associated with employee theft." The university will pay for these services from its reserve, Reynolds said.
Norton told the crowd that they can take a "bit of reassurance" that getting the information off the hard drive would be "complex technically."
The news hardly comforted Tasciotti.
"No one should take this lightly," Tasciotti said. "All you have to do is call your credit card company and bank to realize how serious this is. This follows us forever now."
Q & A
Q.) Who is affected by the missing hard drive?
A.) Anyone on the University of Northern Colorado payroll since April 1997, including full-time, part-time and student employees. Information on work-study students was also included on the hard drive. The hard drive did not store information on students who received financial aid but did not work on campus. Nor did the hard drive contain information on people who worked as contractors for UNC. Information on the missing hard drive included name, date of birth, Social Security number, address, bank account, bank account routing number and Bear number. The information could be used for identity theft, a crime in which thieves use your identity for such activities as opening bank or credit card accounts or getting a cell phone.
UNC is not aware of any attempts to use the missing data.
Q.) How can I tell if my information was included on the hard drive? And if my information is at-risk, who can help answer my questions?
A.) If you would like more information or have concerns relating to the possible unauthorized release of confidential and proprietary information at UNC, or if you believe that you may be a victim of identity theft, you may make a report or ask questions through a confidential and easy-to-use hotline and/or Web site. These inquiries will go directly to the appropriate individuals at UNC.
Q.) What should I do if my information was stored on the hard drive?
A.) You should contact your bank to let them know your personal information is at risk. Be vigilant on your bank statements. But it may not be necessary to put a fraud alert on your credit card accounts. The hard drive did not contain credit card information and placing a fraud alert on a credit card can lead to significant inconvenience. Just be vigilant on your credit card statements.
If there is unauthorized activity on your bank, credit card or other financial accounts contact UNC police at 351-2245 and let your financial institution know.
Q.) What can I do to protect my credit?
A.) Call one of the major credit reporting agencies to put a fraud alert on your credit report. The numbers are: Equifax (800) 525-6285; Experian (888) 397-3742; TransUnion (800) 680-7289. The organizations share the information, so you only need to call one agency, not all three. Do not call the general number. Use the numbers above. A fraud alert on your credit report tells creditors to contact you before they open any new accounts or change your existing account. There is no cost to put a fraud alert on your credit report.
Fraud alerts are active for 90 days and can be renewed. You may extend the alert to a seven-year alert by writing to credit reporting agencies.
Q.) Can I change my Social Security number?
A.) While it is possible to get a new Social Security number, it may create other problems with background checks and re-establishing credit. Also, credit reporting agencies may combine records of both numbers.
Q.) Which Web sites provide general information in identity theft?
A.) You can go to the following Web sites for more information:
© J. R. Roberts, Security Strategies