Spurred by the recent theft of a vendor's laptop computer containing sensitive information on more than 84,000 alumni and unaffiliated donors, UND's Alumni Association decided Thursday to stop using Social Security numbers to track those individuals.
The association's management group also decided Thursday to devise new ways of transacting business by credit card so those credit card numbers won't have to be stored in the association's computerized records.
"We believe this will be an evolving trend" for alumni groups nationwide, said Tim O'Keefe, executive vice president of the UND Alumni Association and its sister agency, the UND Foundation.
O'Keefe emphasized that no breach of the confidential information stored on the stolen laptop has occurred and that he remains confident none will occur.
But in conversations with other alumni leaders, he said, he has become convinced "that the growing problem of identity theft is going to force the Social Security number to disappear as a primary tracking mechanism.
ADVERTISEMENT
"We believe we will be in the forefront" of a fundamental shift in the way academic institutions maintain connections with alumni, he said. "It's simply the right thing to do."
Not alarmed
UND alumni and donors whose information could have been compromised in the recent theft of a software vendor's laptop computer appear not overly alarmed by the situation.
The alumni body and UND Foundation "have always worked with the utmost professionalism," said Philip McKenzie, an alumnus and a vice president at Digi-Key in Thief River Falls, one of the world's largest distributors of electronic components.
"I believe that their processes for data protection were thorough and reasonable," McKenzie said.
"But all systems have flaws," he said. "I'm glad the association has provided access to credit monitoring, and I would recommend all alumni who were affected to engage that service immediately. I'm personally going to change my passwords -- just as we are all constantly reminded to do."
Fewer than a dozen alumni had called or e-mailed the UND Alumni Association to ask questions or express concern since the problem was disclosed Tuesday, O'Keefe said Thursday before going into an alumni managers meeting where the decision was made to move away from Social Security numbers.
Letters are being sent this week to the more than 84,000 people whose information could have been compromised, and the situation has received widespread media attention. The first batch of letters went out Wednesday to alumni in the Red River Valley.
ADVERTISEMENT
"They should start arriving (Thursday), and that may generate more questions," O'Keefe said. "But so far, it's been fairly quiet, and after everything is explained to them, they're satisfied. There have been no emotional calls."
The stolen laptop has not been recovered and likely won't be, he said, but he continues to hold "the very strong belief that there is not and will not be a problem" of identity theft in this case because of encryption of the data and other security measures.
"Everything was at industry-practice level or better," O'Keefe said.
He said the association would review its data security measures, however, and -- before the managers' meeting -- he said that "one of the things we are taking a very hard look at" is the use of Social Security numbers to track alumni.
"Because of the growing identity theft problem nationally, there may be a change in the wind," he said.
The laptop, which contained sensitive personal and financial information on more than 84,000 UND alumni, donors and others -- including credit card information and Social Security numbers -- was stolen in late September from a vehicle belonging to a software vendor retained by the association.
Kristin Casteel, also a UND alum and manager of business analysis at Digi-Key, said she was only "mildly" concerned when she heard about the laptop theft.
"I would be more concerned if the information had not been encrypted," she said. "And the (association) took some responsible steps, such as making the credit monitoring available."
ADVERTISEMENT
At the vendor's expense, alumni may sign up for credit monitoring through TransUnion, including online credit reports, scores and analysis. Procedures for accessing the credit monitoring services are detailed in the letters going out this week.
Casteel said that she intended to ask the alumni organization whether it had personal information of hers beyond contact information. "If they have carryover information from my student days, maybe they have my Social Security number," she said.
Casteel said that she understands and accepts the alumni association's decision not to identify the vendor or where the laptop theft occurred, as that could lead to an otherwise unknowing thief discovering the potential value of information contained in the laptop.
Targeted information
UND alumni officials believe the vendor's laptop was taken in a crime of opportunity and was not targeted for its specific data, but that does happen.
Just last week in Missouri, supporters of Republican presidential candidate John McCain increased security after a staffer's laptop containing "strategic information" was stolen from a campaign office in Independence, according to news reports.
Last year, the theft of four laptops that may or may not have been targeted for their data caused major headaches for more than 20,000 members of a Canadian health group. Also in 2007, an unknown number of current and former employees of Verisign were affected when a laptop was taken from an employee's car, and a stolen Citibank laptop put at risk sensitive personal information of more than 500 student loan holders.
Dwarfing those cases: In 2006, a laptop stolen from an employee of the federal Department of Veterans Affairs contained sensitive information on 26 million veterans. The laptop eventually was recovered, but according to FBI statistics, that's a rare happy result; in about 97 percent of such cases, the laptop is never recovered.
ADVERTISEMENT
More than a half million laptops, or personal computer notebooks, were stolen in 2003, according to insurance industry figures, and that number has grown as laptops have proliferated.
Reach Haga at (701) 780-1102; (800) 477-6572, ext. 102; or send e-mail to chaga@gfherald.com .
