Computer theft prompts data security notification for current, former students

Thousands of current and former Institute of Technology students are receiving notification letters informing them that their personal data was contained on two computers stolen from Lind Hall in mid-August. Those affected include:

  • students entering the Institute of Technology as freshmen from fall 1991 through fall 2005 and those admitted for fall 2006;
  • students transferring to the lower division of IT from fall 1999 through fall 2004, and who were still in lower division for fall 2004; and
  • those admitted as IT lower division transfer students for fall 2006.

The information contained in the freshman files includes name, address, phone number, University of Minnesota student ID number, birth date, citizenship, high school attended, high school rank, standardized test scores (ACT, SAT), Advanced Placement and International Baccalaureate scores, University of Minnesota GPA, grades in some University courses, and, for a few students, coded information on probationary status. For transfer students, only name, ID number and coded probationary information were included.

Social Security numbers were included for some students: the freshmen class of 1991 (559 students) and 43 students for whom letters were written supporting appeals for financial aid over a number of years.

Because of the potential for identity theft, the individuals whose Social Security numbers are at risk have been sent separate letters that include information about how to protect their records. Information about credit monitoring can be found on the Consumers Union Web site.

The U of M student ID number is valid only at the University. It is password protected and the University computer system prohibits access to records without passwords. No one can access financial or academic records with only the name, ID, Social Security number, and/or birth date. No passwords were contained on the stolen computers.

Although there is the potential for fraudulent use of the personal information on the stolen computers, the potential for identity theft is considered small. Circumstances indicate that the computers and not the data on them were the target of the theft.

The Institute of Technology and the University have now enhanced data security efforts by increasing the level of physical security for computers and ensuring that student data is stored on secure networks and file storage devices. The University also is developing additional programs and procedures to help improve data security.