PULLMAN, Wash., June 9, 2017 — Today, Washington State University (WSU) announced that it is addressing a security incident involving certain community members’ personal information. Though there is no evidence the personal information has been accessed or misused, WSU is notifying impacted individuals and offering free identity protection services to those individuals whose personal information may have been accessed.
On April 21, 2017, WSU learned that a locked safe containing a hard drive had been stolen. The hard drive was used to store backed-up files from a server used by the university’s Social & Economic Sciences Research Center (SESRC). Immediately upon learning of the theft, WSU initiated an internal review and notified local law enforcement. On April 26, WSU confirmed that the stolen hard drive contained personal information from some survey participants and, as a result, the university retained a leading computer forensics firm to assist in the investigation.
The drive contained documents that included personal information from survey participants, such as names, Social Security numbers and, in some cases, personal health information. Entities that provided data to the SESRC include school districts, community colleges and other customers. WSU is also notifying the entities that provided SESRC with data that included personal information.
Immediately upon learning of the theft, WSU initiated an internal review, notified local law enforcement, and retained a computer forensics firm to assist in the university’s investigation. As soon as it was determined which individuals might be impacted, the university sent them notification letters and information about how they can enroll in one free year of credit monitoring and identity theft protection services through Experian. More information is available on WSU’s website: www.wsu.edu/security-incident. Individuals with questions should call 866-523-9195 between 8:00 a.m. and 6:00 p.m. Pacific time, Monday-Friday.
WSU remains committed to protecting the security and confidentiality of all personal information, and deeply regrets any concern this may cause. The university is taking steps to help prevent this type of incident from happening again. These steps include strengthening WSU’s information technology operations by completing a comprehensive assessment of IT practices and policies, improving training and awareness for university employees regarding best practices for handling data, and employing best practices for the delivery of IT services.
SOURCE Washington State University