Hard drive with US social security numbers disappears

The disappearance of a laptop hard drive in the California State University (CSU) system has triggered a year-old state law...

The disappearance of a laptop hard drive in the California State University (CSU) system has triggered a year-old state law requiring anyone whose personal information might have been stolen to be notified.

The hard drive, which contained names, addresses and social security numbers for some 23,000 students, faculty members and employees at seven CSU campuses, is believed to have been accidentally thrown away after it was replaced by an IT technician, said Clara Potes-Fellow, a spokeswoman for the university's chancellor's office. 

We have not had any cases of identity theft related to the incident, she said. But under the new law, letters were mailed to all 23,000 people affected by the data loss in late July to inform them of the situation. 

Under the California law that went into effect last year, businesses and public agencies are required to inform individuals when their names - in combination with either their social security numbers, driver's licence numbers or credit/debit card numbers with personal identification numbers - have been accessed by an unauthorised person. 

The hard drive went missing over the weekend of 25 June, Potes-Fellow said, when a computer technician was "rushing to get out of the office on a Friday afternoon" and left the part on a table next to a rubbish bin after replacing it with a new drive. When the technician returned the following Monday, the old drive and the box from the new drive were missing. 

A police investigation concluded that the drive had not likely been stolen but was probably thrown away by a cleaning crew, Potes-Fellow said. Cleaning crew workers told police that it was not unusual for them to find discarded computer parts in the trash cans, she said. 

The university system has received about 350 comments from some of the affected users, Potes-Fellow said. About four of the users said they suspected that they had recently been victims of identity theft, but they could not link the incidents to the disappearance of the university's hard drive, she said.

Todd R Weiss writes for Computerworld

Read more on Hackers and cybercrime prevention