Stanford laptop with employee data stolen: COMPUTER CONTAINS RECORDS FOR AS MANY AS 72,000 WORKERS

By Lisa M. Krieger

Jun. 7, 2008 (McClatchy-Tribune Regional News delivered by Newstex)

-- A Stanford University laptop computer with sensitive personnel information -- including the Social Security numbers, salaries and home addresses of as many as 72,000 current and former employees -- has been stolen.

The university declined to disclose details about the theft while an investigation is under way. Officials would not say when, or where, the laptop was stolen. Police and Stanford authorities are searching for the computer.

The computer does not contain driver's license numbers, credit card numbers, bank account numbers or other financial information, the university said.

Stanford has no evidence that any of the information on the stolen laptop has been accessed, said Randy Livingston, Stanford's vice president for business affairs and chief financial officer.

"We believe that the perpetrator of the crime was not seeking the records on the computer or even aware of them," he said. In many instances, such thefts are property crimes in which the laptop's hard drive is erased before the laptop is resold, he said.

Laptop theft plagues government, businesses and universities. In 2007, a laptop was stolen from the Foothill-De Anza College District that contained 4,725 student names and Social Security numbers.

More than 70 schools and colleges nationwide lost sensitive data in 2007, according to the San Diego-based Identity Theft Resource Center. The center encourages institutions to keep sensitive data on password-protected

files and to encrypt personal information.

University spokesman Jonathan Rabinowitz said the university would not disclose whether the data was on password-protected files.

Livingston said the university has guidelines that prohibit keeping sensitive information on unsecured computers. In the wake of the theft, he will lead a task force to review policies on keeping sensitive data secure, he said.

Stanford is sending e-mails and letters to current and former employees whose personal information may be at risk, as well as posting information on the Stanford home page at www.stanford.edu.

While the campus is trying to assess who might be affected, potential victims include anyone who received a paycheck from Stanford before Sept. 28, 2007, including faculty, staff and students who have been employed by the university in any capacity. People hired by Stanford after Sept. 28, 2007, are not affected, and neither are hospital and Stanford Linear Accelerator Center employees.

The data on the laptop included some or all of the following: first and last name, gender, birth date; Social Security number; business title and office location; work and home phone numbers; home address; salary; and Stanford e-mail address, ID card number and employee number.

Stanford is working with law enforcement to recover the laptop, officials said, and will scrutinize any requests for changes to passwords or personnel profiles.

"The university is committed to taking steps to assist individuals whose personal data may be misused," Livingston said.

For more information, call (650) 736-0099 and leave contact information for a return call, or e-mail privacyquestions@stanford.edu with full name and date of birth.

Contact Lisa M. Krieger at lkrieger@mercurynews.com or (408) 920-5565.

Newstex ID: KRTB-0185-25832905