Georgetown is an excellent law school — “T14″ (top 14), as some like to say — with many things going for it. Supreme Court justices love to visit. Students get to take classes like The Law of 24. The diva-licious Nina Totenberg speaks at commencement.
Perhaps most importantly, at least to readers of ATL, Georgetown grads land excellent jobs. Not surprisingly, in a recent poll, a majority of respondents said they’d need $100,000 to turn down 14th-ranked Georgetown in favor of, say, 51st-ranked Arizona State (maybe ’cause they’d like to be separated from Kumari Fulbright by multiple states).
But GULC isn’t perfect. Mistakes get made — mistakes that could, say, compromise your personally identifiable information (and mess with your credit score). From several tipsters:
“You might want to post this so anyone who graduated during this time but didn’t get the e-mail knows about the stolen identities.”
“I got this warning this morning. Evidently, not everyone is affected, as students next to me in class have not received the email. Just thought I’d forward this along to show the problems at American could be worse – at least their identities aren’t at risk.”
View the email, after the jump.
Update: We have also posted a follow-up to the original message.
GEORGETOWN UNIVERSITY LAW CENTER — MEMORANDUM — EXPOSURE OF PERSONALLY IDENTIFIABLE INFORMATION
From: University Information Security Office
Date: Jan 29, 2008 8:27 AM
Subject: Message from Georgetown Information Security Office
January 28, 2008
Dear Current or Former Students, Faculty and Staff:
We are writing to inform you that you are among a group of individuals
whose personally identifiable information such as name and social
security number may have been exposed due to a recent computer theft
on campus. We regret this incident and wanted to alert you via email
as soon as possible after completing our investigation of the nature
and scope of the data at issue. Recognizing the seriousness of this
incident and the concern we share for the personal security of those
within our community, we are making arrangements to provide free
credit monitoring services for you. In the coming days you can expect
to receive a hard copy mailing with instructions on how to take
advantage of this service.
On January 3, 2008 an external computer hard drive was reported stolen
from a locked office within the Office of Student Affairs in the
Leavey Center on the Main Campus. Georgetown’s Department of Public
Safety responded to scene and continues to cooperate with an ongoing
investigation by the District of Columbia Metropolitan Police
Department. In addition, we have informed the U.S. Secret Service
about this incident so that they may follow up as they determine
A thorough internal investigation of the data that was contained on
the hard drive has now determined that the hard drive included
personally identifiable information for students enrolled and some
faculty and staff from 1998 through 2006. Since the files related to
a range of cross-campus student financial transactions processed
through the Office of Student Affairs, it pertained to students
enrolled at the Main, Medical and Law Center campuses. No financial
information, such as bank account or credit card numbers, was
contained in the hard drive. This incident is limited to this one
hard drive and does not extend to other University systems and
services where personal data may be stored or updated.
At this time Georgetown has no evidence that your personal data have
been misused. However, as a precaution, we are notifying you of this
situation and encouraging you to place a fraud alert on your credit
reporting accounts. You can find instructions for notifying credit
bureaus, utilizing the free credit monitoring service (as soon as it’s
available) and other information online at identity.georgetown.edu.
We have also established a toll free hotline (1-866-740-2458) which
will be operational as of 9:00am EST tomorrow morning. In addition,
if you are on or near the Main Campus, you may attend an information
session on Wednesday, January 30 at 2:00pm in the ICC Auditorium where
we will be able to respond to any questions in person. A separate
information session will also be held on the Law Center campus on
Thursday, January 31 at 4:00pm in McDonough Hall Room 203.
Although in this particular instance the data breach was the result of
a computer theft and not any kind of system intrusion, it is an
unfortunate example of the increasing importance of data security to
all of us. We deeply regret any incident that potentially exposes the
sensitive data of members of our community.
Georgetown recognizes the potential vulnerability of this kind of
information and consistently has taken steps to protect data across
University systems. For example, Georgetown has been actively
reducing the use of social security numbers in its data storage.
Individuals are now assigned a GoCard numbers and NetIDs to be used as
unique identifiers instead of social security numbers. We are also
taking other steps to implement enhanced security procedures across
campuses and continue to identify and incorporate emerging best
practices in data protection and security.
You may also take steps individually to protect sensitive data. Some
suggestions for doing so can be found at our Office of Information
Security website at security.georgetown.edu as well as online
resources from the Privacy Rights Clearinghouse at http://www.privacyrights.org/identity.htm
and the federal government’s identity theft website at http://www.ftc.gov/bcp/edu/microsites/idtheft/.
Please accept our sincere apologies for this incident. Thank you for
your cooperation and understanding.
H. David Lambert Todd Olson
Vice President and Chief Vice President for Student Affairs
GEORGETOWN UNIVERSITY LAW CENTER — FOLLOW-UP MEMORANDUM — EXPOSURE OF PERSONALLY IDENTIFIABLE INFORMATION
From: Information Systems Broadcast
Sent: Tuesday, January 29, 2008 1:46 PM
To: Information Systems Broadcast
Cc: All Faculty and Staff; All Students
Subject: Message from Law Center Dean T. Alexander Aleinikoff
I am writing to let you know that the University sent an e-mail this morning informing some members of our community that an external hard drive containing personal information, including social security numbers and dates of birth, was stolen from a locked office on the main campus earlier this month. Of the more than 38,000 persons who received the e-mail, about 8,300 were former and current Law Center students and staff.
The information that was contained on the hard drive pertained to fees associated with the student health insurance program in which Law Center students and some staff participate. This program is administered through the main campus Office of Student Affairs.
The notification from main campus informs those affected about steps they can take to protect against misuse of the disclosed information, including fraud and identity theft. The University has established a website (identity.georgetown.edu) and a toll-free hotline (866-704-2458) that includes additional information.
University representatives will come to the Law Center to conduct an information session on Thursday, January 31, at 4:00 p.m. in McDonough 203.
This incident has prompted us to review our security measures at the Law Center. I have initiated a Law Center-wide examination of practices and policies that pertain to the collection and storage of, and access to, sensitive information kept in both electronic and paper form.
I am deeply concerned about this breach of data security. The Law Center will do everything we can to support and assist those affected.
T. Alexander Aleinikoff
What Would It Take For You To Go To Arizona State (#51) Rather Than Georgetown (#14)? 57% Say $100,000 [TaxProf Blog]