DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Crime victims’ and witnesses’ sensitive information on devices stolen from researcher’s university office

Posted on January 17, 2014 by Dissent

Brian Bakst of AP reports:

A University of Minnesota law professor has apologized to violent crime victims and witnesses after a computer with sensitive information of nearly 300 people was stolen from his office, but he said Friday that there’s no indication the thief has accessed the data.

Criminologist Barry Feld, a prominent juvenile justice scholar, was collecting data from closed case records for a study on law enforcement interrogation techniques when the laptop, a scanner and external hard drive were taken last February. His research, which required his team to sign confidentiality agreements before obtaining the data, has since been terminated.

Read more on Pioneer Press. Maura Lerner of the Star Tribune, who broke the story yesterday, noted the sensitivity and background of the individuals whose data were on the stolen devices:

All had been witnesses or victims in cases that were prosecuted in early 2005 in Hennepin and Ramsey County courts.

One victim, who had been raped as an 11-year-old, received Feld’s letter last week. Her mother told the Star Tribune that she was shocked by the data theft, and that she had no idea that her daughter’s information had been shared with a researcher. “I was aghast,” she said. It was particularly galling, she said, because the family had been unable to get some of that same information, such as witness testimony, when they requested it.

Feld admitted that the data were not properly secured:

“I did not properly protect the data,” Feld told The Associated Press in a phone interview Friday. The incident was first reported by the Minneapolis Star Tribune.

A police report said the equipment wasn’t locked and was stolen from under a desk in the office Feld shares with several research assistants. University police made no arrests in the case nor have they had any leads, according to a school spokesman.

Not only were the data not properly secured, it would appear that there was no backup or master index, as it took from last February until now for them to reconstruct a list of who needed to be notified.

All in all, this sounds like a total failure. I would love to see the contract or agreement the professor signed with the county to gain access to the research materials. Did the agreement require him to not just maintain confidentiality but to actually deploy reasonable and commercially available security protocols? If not, why not? Perhaps some enterprising reporter in Minnesota might want to investigate whether the state and county are requiring adequate security for access to personal and sensitive information.

Related posts:

  • Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Category: Breach IncidentsCommentaries and AnalysesEducation SectorOf NoteTheftU.S.

Post navigation

← SC: Employee Fired in Security Breach Sues State
Identity info of every licensed physician in Puerto Rico acquired in hack (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.