Cornell issues alert about theft of computer containing personal data


Cornell University Vice President for University Communications Tommy Bruce issued the following statement today.

Cornell University has learned that a university-owned computer that was stolen in early June contained the names and Social Security numbers of approximately 45,000 current and former staff and students and some dependents. The university is not disclosing details about the theft, as an investigation is under way.

The university is sending e-mails and letters to the individuals whose information was on the computer. They will be offered one year of free credit monitoring and identity restoration services. A web page with frequently asked questions (http://faq-june2009.cuinfo.cornell.edu) has also been created to provide affected individuals with additional information.

This incident underscores the need for ever more vigilant security processes. Cornell University is committed to maintaining the privacy of individuals' personal information and takes many precautions to ensure its security. In response to incidents of theft like this one and the increasing number of Internet-enabled computer attacks, the university is continually enhancing its systems and practices.

The e-mail sent to affected individuals is below:

Dear Current or Former Member of the Cornell Community:

Last week, we learned that a Cornell-owned computer that was stolen earlier this month contained your name and Social Security Number. Please accept our most sincere apologies for this unfortunate event.

In order to inform you of this situation as quickly as possible, we are sending you this email in advance of a formal notification via U.S. mail.

The official letter will detail the services that Cornell is offering you, at our expense, in response to this incident. There will also be a toll-free number you can call for additional information and assistance.

In the meanwhile, we urge you to visit a web site we have created with frequently asked questions (an FAQ) about this situation and some steps you can take yourself:

http://faq-june2009.cuinfo.cornell.edu

We will be updating this web page as more information becomes available. It is, however, the official notification letter that will contain the details about activating the services Cornell is making available and whom you can contact with any questions or concerns.

This incident underscores the need for ever more vigilant security processes. Cornell University is committed to maintaining the privacy of individuals' personal information and takes many precautions to ensure its security. In response to incidents of theft like this one, and the increasing number of Internet-enabled computer attacks, the University is continually improving its systems and practices.

Once again, please accept our apologies for this incident. We deeply regret any inconvenience it may cause.

Thank you.

Polley A. McClure
Vice President for Information Technologies
Cornell University

Steven J. Schuster
Director, IT Security Office
Cornell Information Technologies