 "Photo: Edward Drakhlis")
At the end of October, the City University of New York informed over 23,000 students and former students, who were recipients of financial aid, that they were victims of identity theft. Around Monday, Oct. 15, a laptop with the names and social security numbers of students who received the Academic Competency Grant was stolen from CUNY premises.
The laptop contained a file with names, social security numbers, citizenship status, GPA and the expected family contribution toward tuition of the student recipients of the Academic Competency Grant throughout the CUNY system. The file did not contain addresses or any family income information.
Harvey Shifter, a spokesperson for CUNY's Financial Aid office, described the laptop as inoperable. "When you turned it on," he said, "you would get a blue screen." In addition, he said the file was password protected.
A blue screen does not necessarily mean that data is irretrievable, however.
Richard Holowczak, associate professor in the computer information studies program at Baruch College, said software programs do not need to be running in order to obtain data from files. "You could attach a hard disk and read all of the data off that way."
He also said that the inviolability of password protection varies widely, depending on the program.
Instructions on recovering passwords and software programs designed specifically for this purpose are widely available on the internet.
Holowczak noted, "Someone who is determined could find a way to crack the password."
Shifter said that it was a few days before the financial aid office noticed that the laptop was missing. The laptop was stored in a room that required the knowledge of a combination to gain access.
He did not know any of the details of how the property was stolen or how entry was gained to a secured room.
While a police report was filed, there are no suspects and the police, Shifter said, have closed the case.
CUNY suggests that students monitor their credit reports as well as put a fraud alert on their accounts. By calling any of the three major credit agencies, Experian, Equifax or Transunion and implementing a fraud alert, it will automatically be adopted by all three agencies.
A fraud alert requires a credit card company or a business to double check with the holder of the account before a new credit line is opened.
The fraud alert gives businesses the direct contact information of the account holder. Anyone, regardless of whether they are a victim of identity theft, can obtain a fraud alert for their credit reports. CUNY's website, cuny.edu, has links to credit agencies and free consumer service information.
Sophomore Lillian Rizzo said she knew the letter was coming because her boyfriend, a Brooklyn College student, also received one.
She immediately went online and put alerts on her accounts and will now monitor their activity.
Rizzo said that both she and her boyfriend tried to call Shifter, the contact person listed in the letter, but he had not returned any of their calls.
Shifter said that he has not heard of any suspicious activity or economic loss due to the theft. When asked what steps CUNY would take if students did incur losses, he said, "I don't have an answer at this point." He did say that in response to the theft, CUNY will no longer store sensitive data on laptops. When asked if the combination on the door has been changed since the theft, he replied that he did not know.
Rizzo said that she was not relying on CUNY to assist her further in the situation. "I don't understand how a laptop with financial aid information gets stolen in the first place," she said.
Be the first to comment on this article!