January 28, 2008
Dear Current or Former Students, Faculty and Staff:
We are writing to inform you that you are among a group of individuals
whose personally identifiable information such as name and social
security number may have been exposed due to a recent computer theft
on campus. We regret this incident and wanted to alert you via email
as soon as possible after completing our investigation of the nature
and scope of the data at issue. Recognizing the seriousness of this
incident and the concern we share for the personal security of those
within our community, we are making arrangements to provide free
credit monitoring services for you. In the coming days you can expect
to receive a hard copy mailing with instructions on how to take
advantage of this service.
On January 3, 2008 an external computer hard drive was reported stolen
from a locked office within the Office of Student Affairs in the
Leavey Center on the Main Campus. Georgetown’s Department of Public
Safety responded to scene and continues to cooperate with an ongoing
investigation by the District of Columbia Metropolitan Police
Department. In addition, we have informed the U.S. Secret Service
about this incident so that they may follow up as they determine
appropriate.
A thorough internal investigation of the data that was contained on
the hard drive has now determined that the hard drive included
personally identifiable information for students enrolled and some
faculty and staff from 1998 through 2006. Since the files related to
a range of cross-campus student financial transactions processed
through the Office of Student Affairs, it pertained to students
enrolled at the Main, Medical and Law Center campuses. No financial
information, such as bank account or credit card numbers, was
contained in the hard drive. This incident is limited to this one
hard drive and does not extend to other University systems and
services where personal data may be stored or updated.
At this time Georgetown has no evidence that your personal data have
been misused. However, as a precaution, we are notifying you of this
situation and encouraging you to place a fraud alert on your credit
reporting accounts. You can find instructions for notifying credit
bureaus, utilizing the free credit monitoring service (as soon as it’s
available) and other information online at identity.georgetown.edu.
We have also established a toll free hotline (1-866-740-2458) which
will be operational as of 9:00am EST tomorrow morning. In addition,
if you are on or near the Main Campus, you may attend an information
session on Wednesday, January 30 at 2:00pm in the ICC Auditorium where
we will be able to respond to any questions in person. A separate
information session will also be held on the Law Center campus on
Thursday, January 31 at 4:00pm in McDonough Hall Room 203.
Although in this particular instance the data breach was the result of
a computer theft and not any kind of system intrusion, it is an
unfortunate example of the increasing importance of data security to
all of us. We deeply regret any incident that potentially exposes the
sensitive data of members of our community.
Georgetown recognizes the potential vulnerability of this kind of
information and consistently has taken steps to protect data across
University systems. For example, Georgetown has been actively
reducing the use of social security numbers in its data storage.
Individuals are now assigned a GoCard numbers and NetIDs to be used as
unique identifiers instead of social security numbers. We are also
taking other steps to implement enhanced security procedures across
campuses and continue to identify and incorporate emerging best
practices in data protection and security.
You may also take steps individually to protect sensitive data. Some
suggestions for doing so can be found at our Office of Information
Security website at security.georgetown.edu as well as online
resources from the Privacy Rights Clearinghouse at
www.privacyrights.org/identity.htm and the federal government’s identity theft website at
www.ftc.gov/bcp/edu/microsites/idtheft/.
Please accept our sincere apologies for this incident. Thank you for
your cooperation and understanding.
Sincerely,
H. David Lambert Todd Olson
Vice President and Chief Vice President for Student Affairs
Information Officer