[ISN] UNI employees told to initiate fraud alerts

InfoSec News isn at c4i.org
Mon Feb 20 02:07:25 EST 2006


February 17, 2006

About 6,000 employees at the University of Northern Iowa were advised
in a letter to protect themselves from identity theft by contacting
credit reporting agencies and initiating fraud alerts after a security
breach was detected last week on a laptop computer at the university,
officials said Friday.

The laptop, assigned to the UNI's Office of Business Operations,
contained Internal Revenue Service W-2 forms for student employees,
faculty and staff.

UNI officials said a virus was detected on the laptop, which was being
used to review how the forms would look like when they were being
printed. Tom Schellhardt, vice president for administration and
finance said officials found no evidence to suggest personal
information was accessed.

Even so, everyone with data on the computer was sent the advisory
letter along with a recommendation to monitor their personal financial
information to ensure their accounts have not been tampered with.

Steve Moon, director of network services at UNI, said the person who
used the laptop computer did so to review the print jobs for the W2

"There had been problems with printing, and the person wanted to
review what the print stream was trying to do," he said.

Even so, he said it's risky to put sensitive information on a laptop.  
"Certainly it's more at risk just to be stolen," he said.

"It would be much easier to pick up a laptop and stick it in your
backpack than a desktop would be."

A. Frank Thompson, a UNI professor of finance, said he didn't think W2
forms should be on the computer at all, because the information must
be made into a hard copy anyway for tax purposes. Also, "it simply
opens up the possibility of that information being inappropriately
accessed," he said.

More information about the ISN mailing list