Colo. College Warns 93,000 After Laptop Theft

A state college in Denver believes it may have lost sensitive information on more than 93,000 students after one of the school’s laptop computers was stolen from an employee’s home late last month.

The unnamed employee of Metropolitan State College had been using the information, including student names and Social Security numbers, to write a grant proposal, the college said Thursday. The data, which appears to have been unencrypted, was also being used by the employee to write a master’s degree thesis, the school said.

The laptop was stolen on Feb. 25, but Denver police asked the school to wait until March 1 to go public with news of the theft to help with the ongoing investigation. Students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester are now being notified of the incident via letter, the college said.

Although there is no evidence that any of this data has been used for identity theft, there are a number of unanswered questions related to the incident.

One question is whether the sensitive information was actually stored on the computer at the time of the theft, according to college President Stephen Jordan. "The employee does not recall whether he had deleted those files from the laptop," he said in a statement.

A second question is whether the employee should have been storing this type of data outside of school premises for the purposes of a master’s thesis. The college is "investigating whether the employee had obtained permission ... to use the data in his thesis," the college said.

The college is now reviewing its policies regarding laptops, particularly related to unencrypted information, Jordan said.

The college website includes tips on avoiding laptop theft, and on preventing stolen information from being used following such an event.

The college did not immediately return calls seeking comment for this story on Friday.

For related coverage, read Ore. Health Data Breach Results in Loss of 4 Jobs and When the Dike Breaks: Responding to the Inevitable Data Breach.

Keep checking in at our CSO Security Feed page for updated news coverage.

-Robert McMillan, IDG News Service

Copyright © 2006 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.