The University of Arizona recently announced the loss of a hard drive containing the personal information on former students. The drive, holding information on individuals enrolled at the university between 1997 and 2008, contained names and Social Security numbers of over 8,000 former students. The drive was moved during the summer of 2010 to a new building and was discovered missing in October 2010.
According to the University of Arizona's Dean of Students Dr. Carol Thompson, the files and drive were always under supervision, even during the move. Thompson called the incident troubling. In a notice to the affected individuals, the university asks that the former students watch for signs of possible identity theft.
See the article: http://www.adamdodge.com/esi/university_ arizona_losses_drive_ containing_personal_ information_thousands
The emergence of external hard drives, USB sticks or even smart phones makes our work and life much easier. Portable storage media with large storage sizes and convenient connectivity interface allow students or staff to take their study and work wherever they go.
Nevertheless, portable storage media poses a number of security threats to the university. Without adequate protection mechanism like authentication or encryption, portable storage media may bring significant risk of data theft or data loss. On the other side, improper use of protection mechanism (e.g. loss of decryption key) or device failure could deny the university from accessing important data timely.
Another common threat is the introduction of malware from portable storage media to the university's IT systems. Hackers may use social engineering techniques to manipulate users into connecting infected portable data storage devices to their desktop, laptop or even university's IT systems.