Laptop theft exposes teachers to ID fraud risk

By Joris Evers
Staff Writer, CNET News.com Published: April 9, 2007 2:55 PM PDT

Tools

Related Stories: University probes possible data breach
April 4, 2007; T.J. Maxx hack exposes consumer data
January 18, 2007; Separating myth from reality in ID theft
October 24, 2005; Laptop theft puts data of 98,000 at risk
March 29, 2005

About 40,000 Chicago Public Schools employees are at risk of identity fraud after two laptops containing their personal information were stolen on Friday.

The computers were taken from the CPS headquarters, the organization said in a statement. The laptops belong to accounting firm McGladrey and Pullen and its subcontractor, who were reviewing contributions to the Chicago Teacher Pension Fund, according to the statement.

The computers contain the names and Social Security numbers of employees who contributed to the pension fund between 2003 and 2006, the CPS said. The data does not include addresses, dates of birth or any other personal information, it said.

A CPS official on Monday said the laptops had not yet been recovered. The official couldn't say if there are any indications that the hardware was stolen for the information that's on the machines, or because laptops are expensive, portable items that could be easy to steal.

A subject in the laptop theft has been identified, CPS said. Surveillance video was released to the media and a $10,000 reward offered for information leading to the arrest of the perpetrator or recovery of the stolen data.

There has been a string of data breaches in recent years, many of which were reported publicly because of new disclosure laws. Last week the University of California at San Francisco said a possible computer security breach may have put 46,000 campus and medical center faculty, staff and students at risk of identity fraud.

In 2005, UC Berkeley warned more than 98,000 people that the theft of a laptop from its graduate school admissions office exposed their personal information. That laptop was later recovered.

Since early 2005, more than 150 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

Identity fraud continues to top the complaints reported to the Federal Trade Commission. Such complaints, which include credit card fraud, bank fraud, as well as phone and utilities fraud, accounted for 36 percent of the total 674,354 complaints submitted to the FTC and its external data contributors in 2006.

CPS will pay for one year of credit protection for any current or former employee affected by the theft, it said.

More from News.com on this story's topics: Identity theft
RSS feed; Education
Create an email alert | RSS feed; Fraud
RSS feed; Notebooks and tablets
Create an email alert | RSS feed; Security
Create an email alert | RSS feed

See more CNET content tagged:
identity fraud, pension fund, theft, laptop computer, personal information

Add a Comment (Log in or register) 8 comments (Page 1 of 1)

Madness
by danielwsmithee April 9, 2007 3:32 PM PDT: This is madness. It is not that hard to protect data like this. 1) Don't put it on a laptop unless absolutely necessary. 2) Encryption it is not that hard, especially when most current operating systems have it built in FileVault & BitLocker.; Reply to this comment

no excuses anymore
by n3td3v April 9, 2007 4:00 PM PDT: the intelligence services, corporate and educational laptops should have trackers installed on them by default...... there is no excuse now. i'm not spamming but go here......for an example: absolute.com/; Reply to this comment

The Only Way To Get A Stolen Laptop Recovered...
by Stating April 9, 2007 7:07 PM PDT: It seems like the only way to get a stolen laptop recovered is by having it contain Social Insecurity Numbers. If you or I have our laptop stolen, nobody cares and you will never see it again. If the same laptop causes a massive security breach, it will turn up in 48 hours. Perhaps we could claim that Osama stole a laptop containing 40,000 SSNs. I'll bet we find him fast...; Reply to this comment

Laptop Thefts
by county23 April 10, 2007 6:44 AM PDT: What in the hell is going on with these SHORT SIGHTED people and companies? Are their IT Departments so short sighted? The answer is YES! I work for a Medical Device company who's Sales Reps use laptops and they also USED to keep that kind of info on them, because NOBODY here wanted to deal with it, I tried talking to upper management but it fell on deaf ears until California put in it's privacy laws, Then they did a band-aid approach to the problem, 3yrs later, and the stolen VA Laptop making the headlines, on of our VP's pulled his head out of the dirt and insisted we do something to protect our laptops from ID-Data theft.. FINALLY! We are now loading PointSec on the laptops, which gives us full disk enryption, It may not totally fool proof, but it's a start and better than nothing... Personally, I don't understand why any laptop needs to carry thousands of personal data like that, I think companies who are this careless with personal information should be held responsible, and not just offer 1 yr of free credit monitoring. Thats my 2 cents; Reply to this comment View reply
Processing

Dumb... dumber... dumbest!!!
by wbenton April 10, 2007 7:47 AM PDT: #1. Require mandatory hard disk encryption (not Microsoft's OS encryption). #2. Require strong BIOS passwords with strong disk encryption unlock password. #3. Cable ALL PC's not just lap tops to the physical desk so that they CANNOT be removed. (And with #1 above, even if they were to remove the physical disk... it would not be usable in another PC). #4. Mandatorily require that ALL such data be stored on the server's hard disk and never stored locally. Also ensure that access to the server is severely restricted to those essentially required personnel ONLY. #5. Ensure Security Policies are modified as required to stay up to date with the latest practices and that everybody is following them as they were written. #6. Disallow removable media from be inserted in any machine except for specially approved encrypted memory sticks, etc. #7. Ensure tape backups of the data are encrypted. #8. Employee somebody who understands and can ensure the rest of company complies with Steps #1-7! Walt; Reply to this comment View reply
Processing

These laptops WERE encrypted...
by walleyek April 26, 2007 7:14 PM PDT: Turns out M&P believed the data was encrypted. This spells INSIDE JOB. I agree that "encryption is necessary, but not necessarily sufficent". These machines need to be equipped with kill pill capabilities to whack the data when stolen. How embarrassing for M&P -- especially since they offer a "Data Security" practice. Talk about eating the ironically-flavored dog food!; Reply to this comment