Oh great...

From: Georgetown University Information Security Office
Date: Jan 29, 2008 8:27 AM
Subject: Message from Georgetown Information Security Office

January 28, 2008

Dear Current or Former Students, Faculty and Staff:

We are writing to inform you that you are among a group of individuals whose personally identifiable information such as name and social security number may have been exposed due to a recent computer theft on campus. We regret this incident and wanted to alert you via emailas soon as possible after completing our investigation of the nature and scope of the data at issue. Recognizing the seriousness of this incident and the concern we share for the personal security of those within our community, we are making arrangements to provide free credit monitoring services for you. In the coming days you can expect to receive a hard copy mailing with instructions on how to take advantage of this service.

On January 3, 2008 an external computer hard drive was reported stolen from a locked office within the Office of Student Affairs in the Leavey Center on the Main Campus. Georgetown’s Department of Public Safety responded to scene and continues to cooperate with an ongoing investigation by the District of Columbia Metropolitan Police Department. In addition, we have informed the U.S. Secret Service about this incident so that they may follow up as they determine appropriate.

A thorough internal investigation of the data that was contained on the hard drive has now determined that the hard drive included personally identifiable information for students enrolled and some faculty and staff from 1998 through 2006. Since the files related to a range of cross-campus student financial transactions processed through the Office of Student Affairs, it pertained to students enrolled at the Main, Medical and Law Center campuses. No financialinformation, such as bank account or credit card numbers, was contained in the hard drive. This incident is limited to this one hard drive and does not extend to other University systems and services where personal data may be stored or updated.

At this time Georgetown has no evidence that your personal data have been misused. However, as a precaution, we are notifying you of this situation and encouraging you to place a fraud alert on your credit reporting accounts. You can find instructions for notifying credit bureaus, utilizing the free credit monitoring service (as soon as it’s available) and other information online at identity.georgetown.edu.We have also established a toll free hotline (1-866-740-2458) be operational as of 9:00am EST tomorrow morning. In addition,if you are on or near the Main Campus, you may attend an information session on Wednesday, January 30 at 2:00pm in the ICC Auditorium where we will be able to respond to any questions in person. A separate information session will also be held on the Law Center campus on Thursday, January 31 at 4:00pm in McDonough Hall Room 203.

Although in this particular instance the data breach was the result of a computer theft and not any kind of system intrusion, it is an unfortunate example of the increasing importance of data security to all of us. We deeply regret any incident that potentially exposes the sensitive data of members of our community.

Georgetown recognizes the potential vulnerability of this kind of information and consistently has taken steps to protect data across University systems. For example, Georgetown has been actively reducing the use of social security numbers in its data storage. Individuals are now assigned GoCard numbers and NetIDs to be used as unique identifiers instead of social security numbers. We are also taking other steps to implement enhanced security procedures across campuses and continue to identify and incorporate emerging best practices in data protection and security.

You may also take steps individually to protect sensitive data. Some suggestions for doing so can be found at our Office of Information Security website at security.georgetown.edu as well as online resources from the Privacy Rights Clearinghouse at http://www.privacyrights.org/identity.htm and the federal government’s identity theft website at http://www.ftc.gov/bcp/edu/microsites/idtheft/.Please accept our sincere apologies for this incident. Thank you for your cooperation and understanding.

Sincerely,
H. David Lambert Todd Olson
Vice President and Chief Vice President for Student Affairs
Information Officer