Tuesday, July 15, 2008

FREQUENTLY ASKED QUESTIONS
POTENTIAL INADVERTENT RELEASE OF STUDENT INFORMATION

Q: I received a letter in the mail and I'm not sure what it means.
A: The letter is to inform you that an electronic file that contained your name and student identification number, which may be your social security number, was contained in a university-owned laptop computer that was stolen. There is no evidence to suggest that password security was breached, but the university is taking the precaution of notifying all affected students for whom it has current information. It is important to note that the use of social security numbers in favor of university-specific identification numbers was implemented in 2003. Only students enrolled prior to 2003 are at risk of having their social security numbers viewed by an unauthorized individual as a result of this incident.

Q: When did this happen?
A: The incident occurred on July 12, 2008 and was reported to university officials on July 14, 2008.

Q: I didn't get a letter; how do I know my personal information was not exposed?
A: If you took an economics class between 1997 and spring semester 2008, you information may have been included on the stolen laptop.

Q: Was any personal financial information accessed?
A: No. Only names, grades, e-mail addresses and student identification numbers were on the missing laptop.

Q: How can I be sure that this will not happen again?
A: ISU Faculty and staff are being reminded that university policy prohibits the storage of private sensitive data on portable computers. Furthermore, encryption software and other security provisions are available for use by faculty and staff who use laptop computers. While no security can be 100%, we will do what we can to minimize the chances of recurrence.

Q: Do I need to change all my credit card information, etc.?
A: That decision is ultimately up to you; however, it may be premature to take any such action. As a precaution, you may wish to contact one of the major credit bureaus to request a fraud alert be placed on your accounts. The alert will advise credit grantors to contact the consumer prior to extending any new credit. Once an alert is added, you will receive a copy of your credit report. And while your account is under a fraud alert, you will be able to receive free copies of your credit file for about a year. Plan to request a copy at one to two months following the alert being placed on your file.

Please visit the following credit bureaus to learn more about how to protect against that risk.

Trans Union - www.tuc.com
Equifax - www.equifax.com
Experian - www.experian.com

Q: What should I do now?
A: Be on the lookout for unusual transactions for the next several months - monitor any change in mail receipt patterns, unexplained cellular phone or credit card accounts; any usage of accounts that you have not initiated. You may also want to review activity on your credit bureau file. Review these web sites for detailed information:

Trans Union - www.tuc.com
Equifax - www.equifax.com
Experian - www.experian.com

Q: How long am I going to have to be on the lookout?
A: A minimum of several months. However, you should always be on guard to protect yourself from these types of transactions.

Social Security Number

The following is excerpted from the statement of Professor Fred H. Cate (Professor of Law, Harry T. Ice Faculty Fellow, and Director of the Information Law and Commerce Institute, Indiana University School of Law -- Bloomington) during the Congressional Briefing on the Public Record: Social Security Numbers and Sensible Policies for the Information Age, Washington, D.C., February 15, 2001.

"Two points are critical here: First, knowing my Social Security Number alone does not get me credit; it is merely a quick way of locating reliable information about me that can be used to verify my identity. Second, the Social Security Number is by no means the only way of accessing that record. Some businesses use telephone numbers or driver license numbers, for example. [...]

"The risk of identity theft or fraudulent misuse of personal information is exceedingly small. This does not, of course, mean that identity theft is not an important issue, but rather that it is among the least common of all frauds perpetrated in the United States. [...]

"Fortunately, when identity theft does happen, consumers are well protected by existing federal and state law. For example, identity theft victims do not have to pay for the fraudulent charges that identity thieves rack up in their victims' names. Those charges are virtually always paid by the merchants from which the goods or services were fraudulently obtained, or the financial institutions who extended credit or whose charge or debit cards were fraudulently used by the identity thieves, ....”

The answers to the following two questions were provided by Robert Boch, District Manager, Social Security Administration:

Q: What can someone do with a stolen SSN?
A: "With just a SSN there is little anyone can do in the way of setting up a false identity or securing credit. Generally an identity thief would need more information and documentation to set up false credit. SSA has significantly tightened our security procedures to prevent someone with a stolen SSN from gaining access to more information through our agency. A foreign national might, although it is unlikely, be able to work under a stolen SSN. This would not have a negative effect on the person whose number was stolen."

Q: How easy is it for someone to get my SSN?
A: "It is normally difficult for anyone who you don't authorize to get your SSN. Normally you have to be the one who provides your SSN. Most significant financial transactions require your SSN. The same is true for employers, most schools, state and other governmental activities. Once your SSN is in circulation, like your name, your SSN will be available to many people. At SSA we rarely find any problems with the actual misuse of a person's SSN.

Remember we give out our credit card numbers to store clerks, over the phone and on the Internet and for most of us nothing goes wrong. The same is true for our SSNs. Often Internet theft of SSNs is done more to prove the hacker can, than to do any actual damage. However, if your SSN is compromised, we recommend that you check with credit bureaus after a month or more has passed to see if any unauthorized activities occur. If that happens contact SSA and we will help you work through the process.”

The Social Security Administration has material that explains what to do when identity theft might be a problem. You can call a local office and ask for the booklet "I.D. Theft" and pamphlet "When Someone Misuses Your Number." More information is available on the SSA website at www.ssa.gov.

Q: If I think someone else has used my SSN, what should I do?
A: Go to website www.consumer.gov/idtheft or call 1.877.IDTHEFT for additional information.

Q: Can I get my SSN changed?
A: The Social Security Administration determines that. According to their web page they will only consider it if there has been proven misuse of your SSN. Please review their information at www.ssa.gov.