The Associated Press (March 26, 2010)
"A company that guarantees federal student loans said Friday that personal data on about 3.3 million people nationwide has been stolen from its headquarters in Minnesota.
"Educational Credit Management Corp. said the data included names, addresses, Social Security numbers and dates of birth of borrowers, but no financial or bank account information.
"The data was on 'portable media' that was stolen sometime last weekend, ECMC said in a statement. Company spokesman Paul Kelash wouldn't specify what was taken, citing the ongoing investigation, but said there were no indications of any misuse of the data.
"The St. Paul-based nonprofit said it discovered the theft last Sunday and immediately contacted law enforcement, and made the theft public when it received permission from authorities. The Minnesota Bureau of Criminal Apprehension is leading the investigation...."
Reuters had their piece on this theft a couple hours earlier:
"ECMC reports data theft; 3.3 million affected"
Reuters (March 26, 2010)
"ECMC, a nonprofit guarantor of federal student loans, said on Friday that a portable media device was stolen from its headquarters containing personal information of about 3.3 million people.
"The stolen data, which was discovered and reported to authorities on March 21, included names, addresses, dates of birth and social security numbers. Local, state and federal law enforcement are investigating the theft.
"ECMC said the people who were affected will be receiving written notification from the company. The ECMC has arranged with Experian, a credit protection agency, to assist affected people...."
How Could This Possibly Happen?!Actually, I'm a little surprised that this sort of thing hasn't happened more often. There's a portable hard drive sitting on my desktop's tower that's about the size and shape of a wallet. I wouldn't: but I could put it in my pocket. It stores a ridiculous number of gigabytes of data.
ECMC, prudently, isn't saying what sort of portable media walked out of their facility: but my guess is that nobody worked up a sweat, carrying it.
And, much as I'm curious about this theft: I think it's a good idea to keep some details out of public knowledge. Law enforcement will have an easier time investigating this matter if some facts are only known to them, some people in the company, and whoever stole the stuff.
It's even possible that the "theft" wasn't intentional. I suppose someone could have taken a laptop or portable media home with them, neglected to fill out the right forms: and may have been spending this week trying to figure out how to tell the supervisor.
Or maybe someone thought they'd make a few bucks by stealing the data storage device itself. And didn't realize that the theft would make national news. With Reuters in the picture, maybe international.
Those Books Were Chained For a ReasonI grew up in a moderately colorful area. One of the things I heard, growing up, was how 'those people' kept the Bible locked away, so nobody could read it. It's a fact: Bibles, and other books, were often chained to reading racks during Europe's feudal period.
Not to keep people from reading them: so that the books would still be there, when someone came to use them.
That was the 'good old days,' before Gutenberg developed movable type. If you wanted a book, you had to pay for the original (you think "first editions" are valuable?), or pay someone to make a copy by hand. One letter at a time.
Each copy of each book involved an enormous amount of specialized labor. Those things were expensive. Hence the chains.
I'm not suggesting that organizations chain their thumb drives to the table: but I do think that we could improve our habits, and use the security protocols we've got.
- "Portland, Oregon: Watch Your (Cyber)Wallet"
(March 23, 2010)
- "Google, China, Censorship, Compromise: 'Totally Wrong'; or, Not"
(March 23, 2010)
- "Safety Advice for Twitter Users: Or Anybody Else"
(February 27, 2010)
- "If Your Password is 'Password1' - CHANGE IT"
(November 24, 2009)
- "Pilot's Laptop Missing: Yes, It's a Big Deal"
Another War-on-Terror Blog (April 27, 2008)
- "Passwords: Be Sure Yours Isn't on These Lists"
(April 20, 2008)