Berkeley Grads' Identity Data Stolen

yali writes "Did you get a graduate degree from Berkeley? Or maybe you just applied but didn't go there? If so, your identity may have been stolen. A laptop was stolen containing names, social security numbers, birthdates, and addresses of grad students, alumni, and applicants. University police suspect that the thief just wanted the laptop, but the irony of California's mandatory notification law is that the thief may now know they have something even more valuable. Berkeley has set up a website with information on the breach."

It's easy to encrypt in Windows

[caluml]

Windows, love it or hate it, makes it very easy to secure your data on a laptop. Just right click, and buried somewhere in there (Advanced options or something) tick the Encrypted option.
Better still, just create a directory (C:\Encrypted), and encrypt the folder, and all subdirectories.
Of course, there are issues with losing the encryption key, but as it's a laptop, and probably only has the one harddrive, I would expect the person to be keeping a backup somewhere else.

Re:Identity data stolen from a private university

[Muttley]

umm, sir, Berkeley is a State University... University of California. It in fact might be one of the best public universities in the country, alongside UT Austin, UW Seattle, Georgia Tech, and that probably wraps up my knowledge of US Public Universities.

Trivia - who is the highest paid state official in California...?
The coach of the UCLA Football team.

Re:It's easy to encrypt in Windows

[tmasky]

With Win2k, maybe XP too, you need to download a special pack to get the 3des cipher if your copy is from outside the US. IIRC, this isn't even the default cipher. Plain DES is! (which is very insecure ;))

Screw encrypting stuff with 3des =/ Laptop power is precious enough as it is.

Re:Why do they need the SSNs?

[anthony_dipierro]

They're not unique forever, because the government recycles them after a few years.

Insightful? This is patently false. There are some instances of multiple people having the same SSN, but these were accidental, and not intentional, and the government will issue a new SSN for people who are in this situation.

why can't they just generate an artificial ID number for all their students?

Read my reply to the parent. The school definitely needs your SSN. It probably shouldn't be used as a primary key, since there's a (very slim) chance it's not going to be unique, and not all students will have an SSN. But don't the vast majority of foreign students have a government issued ID number already (just not to be used for employment purposes)?

Re:Why do they need the SSNs?

[forand]

Berkeley does NOT use your SSN for your student number. It does, however need your SSN to provide you with federal financial aid and work. Since virtually EVERY grad student falls into one of these catagories they need the SSN.

Re:Why do they need the SSNs?

[Anonymous Coward]

Most schools will use an ITIN [irs.gov] assigned by the IRS for foreign nationals, because they often need to pay taxes on earnings/whatnot but have no SSN.

Re:It's easy to encrypt in Windows

[Wingsy]

Just as easy if not easier in OSX. Created an encrypted disk image (AES 128 bit) where the files are to be kept and do not put the pw in the Keychain. I'd trust encryption on a Mac a zillion times more than on Windows.

Re:Why do they need the SSNs?

[defy god]

http://www.ssa.gov/history/hfaq.html

Q20: Are Social Security numbers reused after a person dies?

A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 415 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.

Re:Why do they need the SSNs?

[antifoidulus]

AFAIK, foriegn students do receive SSN #s, but an SSN # doesn't entitle you to social security benefits. Everyone who is not on a short term visa is required to get one. I hosted a student intern from Argentina here at my school and had to help her get all this stuff.

Re:Why do they need the SSNs?

[mzwaterski]

If by video card you mean a card for renting movies and by "you guys" you mean US citizens, then I would say that we our pretty similar to you. Video stores generally take a driver's license number or credit card to keep on file, they don't require a social security number and I don't believe I've even been asked to provide one optionally.

Generally, social security numbers are used for things relating to schools, banking/investing/fincial activities, and government documents like tax returns.

Re:Why do they need the SSNs?

[AmigaAvenger]

the government does NOT recycle them! There are only around a billion possible #'s though, so at some point they will have to be recycled. (SSN's are assigned randomly or sequentially, some of the digits mean something.) How SSN's work [howstuffworks.com]

Clarification of classification

[sczimme]

Personal data need to be treated as government certification of Secret documents

First, I think you mean classification, not certification.

Second, there is a reason and a definition behind each classification. For example, the definition of SECRET according to the Defense Security Service (available here [dss.mil] (scroll down)) is as follows:

SECRET. The designation that shall be applied only to information or material the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe. (emphasis mine)

Nutshell: yes, personal information should be protected; no, it does not warrant the same protection as classified information.

or at least give it Collateral classification level treatment

Finally, Collateral is not a classification; it is a category of information classification. Our friends at DSS clarify the issue here [dss.mil]:

The current classification system starts with three levels of classification (Confidential, Secret, and Top Secret), often referred to collectively as collateral.

Please do some research before providing erroneous information. (For many years I worked in positions where I was required to know these things.)

Happened at my University too.

[Maul]

Last summer, I received a letter from the University I attended. They said that a computer system containing records for just about all current and former students had been compromised, and that it was possible our personal information (including SSN, etc.) had been stolen.

This is obviously not a unique situation.