University Times

A laptop stolen from a Pitt office last month contained personal information on some College of Business Administration alumni.

Katz Graduate School of Business Dean John T. Delaney, in an Aug. 27 letter to an undisclosed number of CBA alumni, informed recipients that a database of information on CBA graduates from the years 1998-2006 containing “your name and Social Security number and demographic information that you may have previously submitted to the College of Business Administration near the time of your graduation” was stored on a University-owned computer that was reported stolen from a Mervis Hall office on Aug. 11.

The letter, a copy of which was obtained by the University Times, stated the University has no evidence the information had been accessed or misused and that credit bureaus Experian, Equifax and TransUnion have been notified about the theft.

The letter also instructed recipients on steps to take if they wish to place a fraud alert with one of the credit bureaus, offered advice on other ways to watch for signs of identity theft and provided a toll-free hotline number and email address for those seeking further information.

Dean Delaney’s office referred University Times questions to Robert Hill, vice chancellor for Public Affairs.

Citing the ongoing investigation, Hill declined to provide details on the theft or the number of alumni whose information was on the stolen computer.

However, according to Pitt Fact Book figures, during the timeframe cited in the dean’s letter, CBA awarded 3,096 baccalaureate degrees.

Hill said alumni data were collected just prior to graduation in the final semester of the CBA students’ senior year, adding that the compromised data were limited to CBA alumni.

He said Pitt had no regulation that precluded the collection of such information until it established a policy in 2005 that forbade it.

A June 1, 2005, memo from Vice Provost Robert Pack, the University’s privacy officer, as well as a link to the full policy, No. 10-02-08, which took effect Aug. 14, 2006, can be found at www.provost.pitt.edu/memo/pack-memos.html.

Hill characterized the policy violation as an “isolated incident” in which the employee stored information that should have been purged and that after 2005 should not have been collected.

He said the University “has taken appropriate action with the employee” but would not elaborate, citing the confidential nature of personnel matters.

Pitt police said the computer was not protected by the Computrack Plus computer security software available to faculty and staff through Computing Services and Systems Development. The software can remotely erase a stolen computer’s hard drive to prevent misuse of sensitive data and can enable a computer to send a locating signal when connected to the Internet. (See Oct. 25, 2007 University Times.)

Pitt Police Chief Tim Delaney said the laptop has not been recovered.

The Pitt police department has reviewed security videotape from Mervis Hall and interviewed approximately 30 people regarding the theft, he said, adding the investigation is continuing in conjunction with other area law enforcement departments.

Delaney characterized most laptop thefts on campus as crimes of opportunity — typically a student walking away from his or her laptop and returning to find it gone.

He said police have not encountered an increase in the number of laptop thefts on campus, nor a rash of thefts at Mervis Hall.

— Kimberly K. Barlow