Roane State Community College in Harriman, Tenn. is the latest institution of higher learning to accidentally divulge sensitive personal information thanks to a stolen USB drive that exposed almost 16,000 student and employee Social Security numbers last month.
The data was housed on a 4GB USB drive that was taken home by an employee and left in an unlocked car overnight. The drive and the employee’s personal handheld device were discovered missing early on the morning of Oct. 10.
Roane State officials have determined that the data storage device contained primarily names and Social Security numbers of 10,941 people, including 1,194 current or former employees and 9,747 current or former students.
The device also contained Social Security numbers only, but no names, for 5,036 current or former students. No academic records were included on the device.
The college has sent letters to anyone who may be affected by this theft and has notified major the major credit-monitor and reporting agencies.
“While we have no reason to believe that the data was stolen for identity-theft purposes, we urge those affected to closely monitor their financial accounts for irregularities,” Danny Gibbs, Roane State’s vice president of business and finance said in a statement. “Roane State deeply regrets the exposure of this data.
The small community college roughly 40 miles east of Knoxville, Tenn. is just one of more than a dozen universities in the past year that either accidentally compromised sensitive personal information or was hit by a malicious hacking or phishing attack.
This week, Chaminade University in Honolulu warned more than 4,500 students that an employee accidentally posted their names and Social Security numbers on an obscure link on the university’s Web site. The data was readily available to anyone with an Internet browser for more than eight months.
In September, the University of North Carolina’s radiology department discovered that hackers may have compromised a server containing the personal data of more than 163,000 women participating in a mammography research project.
Roane State officials said the employee responsible for losing the USB drive violated the school’s security policy by copying school data and taking it off property but has not been reprimanded.
“While Roane State’s policies define rules for protecting confidential data, when something like this happens, you stop, step back, and take a look at everything you are doing,” Gibbs said. “We are reviewing our procedures to determine what additional measures can be put in place to keep something like this from happening again.”