DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Crime victims’ and witnesses’ sensitive information on devices stolen from researcher’s university office

Posted on January 17, 2014 by Dissent

Brian Bakst of AP reports:

A University of Minnesota law professor has apologized to violent crime victims and witnesses after a computer with sensitive information of nearly 300 people was stolen from his office, but he said Friday that there’s no indication the thief has accessed the data.

Criminologist Barry Feld, a prominent juvenile justice scholar, was collecting data from closed case records for a study on law enforcement interrogation techniques when the laptop, a scanner and external hard drive were taken last February. His research, which required his team to sign confidentiality agreements before obtaining the data, has since been terminated.

Read more on Pioneer Press. Maura Lerner of the Star Tribune, who broke the story yesterday, noted the sensitivity and background of the individuals whose data were on the stolen devices:

All had been witnesses or victims in cases that were prosecuted in early 2005 in Hennepin and Ramsey County courts.

One victim, who had been raped as an 11-year-old, received Feld’s letter last week. Her mother told the Star Tribune that she was shocked by the data theft, and that she had no idea that her daughter’s information had been shared with a researcher. “I was aghast,” she said. It was particularly galling, she said, because the family had been unable to get some of that same information, such as witness testimony, when they requested it.

Feld admitted that the data were not properly secured:

“I did not properly protect the data,” Feld told The Associated Press in a phone interview Friday. The incident was first reported by the Minneapolis Star Tribune.

A police report said the equipment wasn’t locked and was stolen from under a desk in the office Feld shares with several research assistants. University police made no arrests in the case nor have they had any leads, according to a school spokesman.

Not only were the data not properly secured, it would appear that there was no backup or master index, as it took from last February until now for them to reconstruct a list of who needed to be notified.

All in all, this sounds like a total failure. I would love to see the contract or agreement the professor signed with the county to gain access to the research materials. Did the agreement require him to not just maintain confidentiality but to actually deploy reasonable and commercially available security protocols? If not, why not? Perhaps some enterprising reporter in Minnesota might want to investigate whether the state and county are requiring adequate security for access to personal and sensitive information.

Related posts:

  • Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Category: Breach IncidentsCommentaries and AnalysesEducation SectorOf NoteTheftU.S.

Post navigation

← SC: Employee Fired in Security Breach Sues State
Identity info of every licensed physician in Puerto Rico acquired in hack (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • DOJ investigates ex-ransomware negotiator over extortion kickbacks

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.