News Column

Stolen laptop leads to minor data breach at NMSU

August 23, 2014

By James Staley, Las Cruces Sun-News, N.M.



Aug. 23--LAS CRUCES -- A laptop stolen this summer from New Mexico State University contained a link to personal information on about 170 students, but a school official says the sensitive data is unlikely to be used for identity theft.

The laptop had been university property, used by a staff member, NMSU Police Lt. Lyn Hodges said, before it was stolen in late June from O'Donnell Hall.

Days later, authorities arrested the alleged burglar and thief, Oscar D. Quintana, a 19-year-old Sunland Park man. By that time, Quintana reportedly told police, he sold the laptop, according to court documents.

Norma Grijalva, head of information technology at NMSU, sent a letter dated Aug. 11 to the affected students. She wrote that "the thief was not targeting data, but rather items that could be easily sold." For that reason, Grijalva's letter continued, "the likelihood of the data being misused is very low."

The personal information included names, birthdates and Social Security numbers, according to Grijalva's letter.

Ronald Thomas, a Bosque Farms man and family member of one of the affected students, provided a copy of the letter to the Sun-News last week.

In an interview with the Sun-News, Grijalva said the pilfered laptop's hard drive was probably wiped by whomever purchased it from Quintana.

NMSU is subject to several federal data privacy regulations, Grijalva said, prompting her and other school officials to investigate the information contained on the laptop after it was stolen. They soon discovered the laptop had a backup file. A search of that file revealed the link to an Excel file containing the private data, she said.

Grijalva, who has worked at NMSU for years, said her department has had to send similar letters in the past, but this is the first time since she was promoted to chief information officer about 18 months ago.

There was nothing on the stolen laptop, she said, that could make NMSU central computing system vulnerable to hackers.

"No passwords or anything like that," she said.

Laws require NMSU to alert affected students within 60 days.

Thomas said he sent his own letter to Grijalva, Gov. Susana Martinez and the NMSU Board of Regents, requesting that Martinez and the regents investigate "this breach of trust and information."

He was stunned such data could get out.

Wrote Thomas: "Apologies aside, there is no excuse in the world for this breach to happen."

Grijalva said NMSU officials are "really trying to raise security awareness." Her letter states the school "is always continuing to enhance its training" when it comes to data security.

She also included information from the Federal Trade Commission about how to prevent identity theft and numbers for the three major credit reporting companies.

Quintana's case is pending in District Court. He has pleaded not guilty.

Anybody suspecting they've been victimized by identity thieves is advised to contact federal authorities and the three major credit reporting agencies, according to the U.S. Department of Justice website.

Here is some contact information.

Federal officials:

--Federal Trade Commission: 877-ID THEFT (877-438-4338)

--U.S. Postal Inspection Service: 877-876-2455

--Social Security Administration: 800-269-0271

--Internal Revenue Service: 800-829-0433

Credit reporting agencies

--Experian 888-397-3742

--Trans Union 800-680-7289

--Equifax 800-525-6285

James Staley can be reached at 575-541-5476.

___

(c)2014 the Las Cruces Sun-News (Las Cruces, N.M.)

Visit the Las Cruces Sun-News (Las Cruces, N.M.) at www.lcsun-news.com

Distributed by MCT Information Services


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Las Cruces Sun-News (NM)


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters