The University of Guelph (U of G) will cover the cost of identity theft protection for 19,000 students whose private information may have been on computer equipment stolen last month.
Fifteen computers, including both laptops and desktops, a cellphone, and a personal hard drive were all taken from behind locked doors on Jan. 27, according to Chuck Cunningham, the university’s assistant vice-president of communications and public affairs.
The hard drive might have contained students’ names, addresses, social insurance numbers, dates of birth and university identification numbers, university information officer Rebecca Graham said in a Feb. 6 email alerting students about the situation.
The identity theft protection will be provided by the university through Equifax Canada for one year, according to another email from Graham.
It “will include 24/7 credit monitoring with email notification of any changes to your file,” the email stated.
The theft followed another high-profile information loss. In November, a hard drive containing personal information for 583,000 student loan recipients went missing from Human Resources and Skills Development Canada (HRSDC), a federal department. HRSDC is providing credit checks, also through Equifax, for six years.
U of G also said that decisions about additional measures to account for the possible loss of information “will be made as and when the university considers appropriate.”
Cunningham said that while the university doesn’t have indication to believe the information has been used for illegal purposes so far, the credit protection is necessary just in case.
“While information that was on the device is regularly deleted, it was determined that people with the right equipment could possibly grill deep and retrieve information,” Cunningham said.
Josh Rosenberg, a second-year U of G student, said he chose not to sign up for the credit monitoring as he felt it wasn’t necessary.
“I don’t want to give my information to another company if I don’t have to,” Rosenberg said, adding that he’s been checking his bank statements carefully since finding out about the break-in.
Although Rosenberg said he’s upset his information may have been stolen, he felt the university did a good job handling the situation and informing students.
“They did pretty much everything they possibly can,” Rosenberg said.
But students didn’t receive the initial email from Graham until 11 days after the theft, which Cunningham said was due to the university determining what information was on the hard drive.
“We took the cautious approach,” Cunningham said, noting that the 19,000 number is a “fairly wide net” to cover all grounds.
“In reality, we believe far fewer students had info on the device,” he said.
Rosenberg was not as convinced.
“That actually makes it worse that they don’t even know whose information was stolen,” Rosenberg said.
The cost of the equipment to the university should be “several thousand dollars,” Cunningham said, along with $150 per student who chooses to enrol in the credit monitoring service through Equifax.
He declined to speculate on whether U of G will encrypt students’ personal information, but said the university will likely take some form of action moving forward.
“I will expect that we will see changes in procedure that will avoid this happening again in the future,” Cunningham said.