Slashdot Mirror

← Back to Stories (view on slashdot.org)

Berkeley Grads' Identity Data Stolen

Posted by timothy on from the practice-safe-applicating dept.

yali writes "Did you get a graduate degree from Berkeley? Or maybe you just applied but didn't go there? If so, your identity may have been stolen. A laptop was stolen containing names, social security numbers, birthdates, and addresses of grad students, alumni, and applicants. University police suspect that the thief just wanted the laptop, but the irony of California's mandatory notification law is that the thief may now know they have something even more valuable. Berkeley has set up a website with information on the breach."

10 of 289 comments (clear)

  1. Secret by BWJones · · Score: 5, Insightful

    Personal data need to be treated as government certification of Secret documents, or at least give it Collateral classification level treatment. When personal data is checked out and allowed to be placed on laptops or other portable devices for removal from the central location where the data is stored, personal responsibility needs to be ensured and access should be confirmed by 1) need to know basis and 2) those who are trained to undergo training with confidential data.

    Granted, this will not prevent all leaks as even the State Department, CIA and FBI have had problems with missing laptops, but they are getting better about data confidentiality and security through training and implementation of protocols designed to limit leaks and unauthorized access.

    --
    Visit Jonesblog and say hello.
  2. Re:Why do they need the SSNs? by DarkTempes · · Score: 5, Insightful

    they use it as a personal identification number (which it isn't supposed to be used as but since everyone has a unique one it makes it easy for them to do it).

    they don't NEED to but they CAN and so they do.

  3. Re:Why do they need the SSNs? by G-funk · · Score: 5, Interesting

    Because your SSN (like our TFN, or Tax File Number) is your nation ID number. Wether you like it or not, wether it's legal or not, it's still a fact. You guys have it worse than us, we seem to have the TFN for all "official" docs like government, financial institutions etc, and we have our license no for everything else, such as video cards etc. But we're still in databases all over the world, easily indexed by a small number of different "unique enough" keys.

    --
    Send lawyers, guns, and money!
  4. The real problem: unchangeable passwords by pocari · · Score: 5, Interesting
    The real problem is that banks, credit bureaus, and schools are allowed to continue to pretend that knowing someone's SSN and birthdate is proof of anything.

    It seems like this could be solved with a public database of SSNs and birthdays. Once you list yourself, you can tell credit bureaus and banks that this information has been widely published, and therefore anybody who acts like it's a secret is negligent. Civil disobedience for the information age.

    I am too chicken to go first, though.

  5. Biometrics by failure-man · · Score: 5, Interesting

    With all this personal data getting stolen (and the tinfoil crowd will hate this) the only way to avoid a complete infoclypse may be to actually appear somewhere in person and have your identity biometrically certified when you apply for credit.

    These leaks aren't gonna go away, so we'd better start finding ways to make them irrelevant. Sure, it'd be inconvenient and raise privacy concerns, but I'd rather have my prints on file than have my bank accounts cleaned out and credit ruined with little, if any recourse, solely due to someone else's blunder.

  6. Re:Why do they need the SSNs? by flyingsquid · · Score: 5, Funny
    Why does a school need our SSNs? Why does anybody outside the government? Here in Minnesota, I need to provide my SSN now just for fishing and hunting licenses. WTF?

    Next time you apply for a license, just tell them you are John Kruptowski, 537 Cherrywood Circle, Minneapolis, Minnesota, 575-63-6216, currently applying to UC Berkeley's astrophysics program.

    If you don't like that name, I got a zillion more.

  7. Can you say "Irony" by tomhudson · · Score: 5, Interesting
    SISS, UC Berkeley - Social Security, Driver's Licenses, and California ID Cards
    Social Security Number Safety

    Although a SSN is only meant to be used for tax and government purposes, it is often used by financial institutions, businesses, and others as a unique identification number. Because the SSN is a unique ID, it is often the target of "identity theft". Therefore you should be very careful about where and to whom you give your SSN.

    • Never carry your Social Security card or number with you. Keep it at home in a secure place.
    • Only give your SSN to someone who has a specific and legitimate need for it.
    • Be very careful with any forms, applications or other materials that may have your SSN on it.
    • Never give your SSN to someone who phones you. You should initiate the call or meet in person.
    • Never reply to email or web sites that request an SSN.
    Gee, too bad they don't follow their own advice to "be careful". Guess they haven't quite gotten the hang of that "intarweb thingee" yet.
  8. At Least It's Not Arrogance by mirio · · Score: 5, Interesting

    Well, during my undergrad years at an unnamed university...oh what the hell...The University of West Georgia, I worked in the ITS department on campus which was responsible for all the applications in our internal system called Banner (a big freaking waste of money for an Oracle Forms application..but that's another discussion for another day).

    Anyway, my role was to prepare reports for various people around campus. For example, if a student organization required a given GPA for membership, their faculty advisor could request a report of all students meeting the criteria.

    The thing that most amazed me when I started working there was the complete lack of respect for people's social security numbers and birthdays. Any professor on campus could get pretty much any information he or she wanted.

    Even more brazen than this activity was the infrastructure on campus. Every user ran their applications over a telnet session. Yes....telnet. I demonstrated to my boss how easy it was to run a packet sniffer and catch social security numbers as they went across the wire..but all my concerns fell on deaf ears. I also showed them how SSH could be used as a direct replacement for telnet but again...no one seemed care.

    I then wrote a letter to the editor of the University's only newspaper describing the lack of respect for peoples' personal information, but the letter was never published. When I e-mailed the student editor and asked why my letter wasn't published, she said she was asked by the administration not to run it.

    I graduated in 99 so I'm not sure if any changes have been made. I would love to know.

  9. Why all on a latop? by WebHostingGuy · · Score: 5, Insightful

    Why was all of this on a laptop?

    Sensitive information should be placed in a central repository and then encrypted and guarded. The mere fact that someone can download this to a laptop shows that their mindset is that this information is just normal stuff like a word document. Before you can have true security organizations need to get this first.

    --
    Quality Hosting e3 Servers
  10. idiots by Mr.+Underbridge · · Score: 5, Interesting
    I am not sure Windows has anything to do with it as any OS supports crypto, the question is why did an application designed to hold social security numbers on a insecure PC not encrypt the data store?

    Something tells me the whole thing was on Excel.

    There is absolutely no reason to have anything like this on a laptop. If there is some reason one would need the information from a laptop, you can access it from a server using a client that won't make a local copy. Ridiculous.