In light of last week’s potential security breach at a Kirkwood office in Iowa City, UI officials said students’ and faculty’s personal information is secure on the university’s servers.
At the UI, where students’ ID numbers used to be their Social Security numbers, only people who need individuals’ personal information for work have access to it, said Jane Drews, a UI information technology security officer. One example is university offices that submit data to the government.
While there have been isolated security breaches in the past, Drews said, she is not aware of any that have occurred recently.
But UI students have mixed views on how secure their personal information truly is on the university’s servers.
UI senior Loreto Garcia said he isn’t concerned about the security of his information and he feels “confident” in the university’s system.
UI senior Spencer Scavo remains unconvinced, however.
“I just feel like there are so many people who have access to that information,” she said.
Incidents such as the possible breach at Kirkwood’s office in Iowa City only add to suspicions.
According to Iowa City police, James Mumford, a 23-year-old Coralville man, visited Kirkwood’s Skills-to-Employment, PROMISE JOBS office on June 4 and allegedly stole a flash drive containing names and Social Security numbers of some of the participants in the program from an employee’s computer. The employee had left the room.
But officials said the incident does not mean personal information of Kirkwood students and faculty is at risk, said Kim Johnson, the executive director of Kirkwood’s Continuing Education Programming.
Mumford returned the flash drive fewer than three hours later, denying he had saved any of the data it contained. Computer experts were unable to confirm this, according to reports.
“Any time that sensitive data like that is taken, there’s some concern — as in this case — about what happened to the data between the time that it was taken and the time that it was returned,” Iowa City police Sgt. Troy Kelsay said.
Kirkwood officials immediately sent letters to the 1,600 individuals and businesses with records on the flash drive, notifying them of the incident and offering them free credit monitoring for 12 months, Johnson said.
But so far, less than half of the nearly 50 people who have contacted Johnson have accepted the free credit-monitoring service.
Storing Social Security numbers on flash drives is not common procedure with the PROMISE JOBS program, Johnson said. At the time of the incident, there was no formal monitoring process in place to see how flash drives were being used.
The employee put the information on the drive because she did not have access to the network from a remote site, Johnson said.
Kirkwood officials have banned the use of any external storage device in the PROMISE JOBS program and scheduled discussion and training for staff on confidential data.
At the UI, Drews said she didn’t know of any cases at the university in which such information was stored on portable devices, though she couldn’t be certain that had never happened.
