VCU Taking Steps to Mitigate Potential Exposure of Student SSNs

Share this story

Virginia Commonwealth University has notified about 17,000 current and former students of a potential exposure involving their Social Security numbers.

A desktop computer was stolen from a locked area within a locked room in VCU’s Cabell Library in mid-April, and it may have contained personal information containing student names, Social Security numbers and test scores from the period ranging from October 2005 to the present. VCU discontinued use of Social Security numbers as ID numbers in January 2007.

“A month-long investigation by VCU Police has identified the individual responsible, who has admitted taking the machine for his personal use,” said Mark Willis, VCU’s chief information officer. “VCU Police believe the computer was disposed of shortly after the theft. Nevertheless, we are contacting appropriate government agencies and credit reporting organizations.” The Commonwealth’s Attorney’s Office will determine whether charges are filed.

“Although it is highly unlikely that the sensitive data on the machine was accessed, we were unable to recover the machine to be sure. Since Social Security numbers could be potentially viewed and used for identity compromise, VCU has sent letters to 17,214 students notifying them of this theft,” Willis said. “VCU is also offering identity theft insurance for a one-year period at no cost to the students.”

The computer was part of a scanning system used by Technology Services to score tests and to record grades for many university classes. An additional 22,500 students were notified that their names and test scores may have also been on the computer. No Social Security numbers were recorded with those names, but in some cases, computer-generated student ID numbers were involved.

The credit and identity theft monitoring that VCU is offering the students through Equifax includes $1 million of identity theft insurance.

“We are also providing guidance on steps to take to guard against identity theft,” Willis said. “Although we believe that the risk of identity theft from this incident is very small, we are taking all prudent steps to protect our students.  We are also taking actions to enhance data and physical security in the area where the computer was stolen.”