Cornell University
is in trouble. A laptop was stolen containing 22,546 social security
numbers of students — half were alumni — and 22,731 social security
numbers for faculty and staff, including 4,284 retirees.

The
files on the computer containing the names and social security numbers
were not encrypted and the laptop was left in a physically unsecure
environment, which violates University policy, according to Simeon Moss
’73, director of Cornell University Press Relations.

Moss
said that the data on the laptop contained “no other sensitive data
elements” besides names and social security numbers and the University
is “confident” that it has identified everyone whose data was on the
computer.

This isn’t the first time Cornell has been hacked:

Last
June, a computer at Cornell used for administrative purposes was
hacked, and the University alerted 2,500 students and alumni that their
personal information had potentially been stolen. In 2005, the
University alerted over 900 individuals that their personal information
was stored on a computer that had been inappropriately accessed.

One
wonders why Cornell appears to so casually protect vital identifying
information that can publicly wound the innocent and destroy a private
life?

There is a lack of urgency in Cornell’s security
and protection policy and if the university want to continue to attract
the best and the brightest — and the most ripe for ripping off — the
school needs to condemn those at fault, punish them beyond relief, and
restore a sense of urgency and intimidation against any and all threats
against those it is vested to protect.