When we arrived at Tulane as freshmen, we went to meeting after meeting about keeping ourselves and our belongings safe: Don’t swipe random people into your dorm, keep your door locked and even keep your laptop chained to your desk. If your laptop happens to contain 10,000 employees’ W-2 tax information, you might want to bump your security efforts just a little more.
Apparently, Tulane administrators have not attended these meetings. A university official left a laptop containing Social Security numbers and other tax information of more than 10,000 university employees, including students in a car outside of the city only to have it stolen along with other personal items. And the laptop was not encrypted, meaning that whoever found that laptop may be able to access everyone’s information. It was, fortunately, password protected.
This year, Tulane switched from the Social Security Numbers to Splash IDs to prevent identity theft, which was a smart move. When reporting this change in The Hullabaloo, however, we failed to ask the university how else Tulane was protecting our personal information. We assumed that in a school full of doctors, intellectuals and (our) money, Tulane would find and fund a way to ensure that our information remained secure. Maybe they could take their own advice and chain that information to a desk in Gibson. If we had known that our personal information would be left in an unattended car, we would have thought twice before handing it over.
This lapse of judgment is a major oops, beyond any small miscalculations we’ve seen at this school in a while. And Tulane’s response is appropriate. Tulane is offering a year of free credit monitoring, and gave all students a number to call if they have questions. Though those who kicked off the new year with an e-mail from Tulane informing them that their personal information was in the hands of someone other than Tulane may want something a little bigger in a response — perhaps a bouquet of red roses or a singing telegram — the truth is that what is done is done, and that information is out there no matter Tulane’s response.
Still, Tulane needs to take some time to review how our information is kept safe. Who else has this information? What other information out there in insecure? Administrators know that this is a messy situation, and they have responded appropriately. The fact that they are in this situation at all, however, is cause for concern, and something like this cannot happen again.
Category: Laptop Security