University Warns of Personal Information Loss
Scientific Computing Facility users affected
University officials are attempting to reach former users of the Scientific Computing Facility (SCF) this week, following the loss of a USB memory device containing the users’ personal information. The device — a flash drive — was lost in transit between the Office of Information Technology (OIT) and University Information Systems and contains 1,377 names and identification numbers, including some Social Security numbers. No other information was on the device.
The data loss affects only University affiliates who made use of supercomputers in the SCF, which is used for research in advanced computational science and engineering, scientific visualization, computer graphics, and supercomputing. The loss is also largely limited to former users who left BU before 2000 and whose Social Security numbers remained on file in the SCF database. The Office of Information Technology was removing the last remaining Social Security numbers from the SCF database when the device was lost.
Since the loss occurred, on September 20, Information Systems and Technology has been working to locate the users whose data was on the flash drive, says John Porter, the department’s vice president. Fewer than 100 of the affected accounts are active, and only three account holders are currently at the University. The majority of those affected are not BU students or employees, but outside users who were involved in advanced computational research at the University — to locate them, OIT staff have been searching research publications and Web directories. Alumni Relations is using its own records to contact any former students whose data have been lost.
“We are working to ensure that our alumni are provided the necessary assurances that this type of data loss does not happen again,” says Meg Umlas, executive director of Alumni Relations.
The risks in this situation are extremely low, according to Porter, as not all the ID numbers are Social Security numbers, there is no other identifying information besides user names, and there is no evidence the USB device has been found or its contents accessed. Nonetheless, the University is recommending that when notified, those people affected contact a consumer credit bureau such as Equifax, Experian, or Transunion and place a fraud alert on their credit accounts as a precaution.
This is the first significant instance of data loss at BU, but the problem has occurred at institutions around the country. Last spring Ohio University discovered that one of its servers, containing 137,000 Social Security numbers, had been accessed by hackers, and in May personal information of 26.5 million U.S. veterans was lost when a laptop and external hard drive were stolen from the home of a federal employee. A report from the House Government Reform Committee, released on October 13, found that most data losses at federal agencies are the result of lost or stolen laptops, memory devices, or disks.
Affected users can e-mail email@example.com or call 617-353-7800 for more information.