Stolen USB Incident FAQ - November 2006

Cal State L.A. logo and University Seal - Link back to main page

Stolen USB Drive Incident FAQ

Contact us: (800) 883-4029
Black and gold graphic bar
 
Frequently Asked Questions about
Information Security Incident: Stolen USB Drive -
November 2006
Note: This page was updated on July 5, 2007.
  1. I have reviewed the information security incident website, but still have questions. How can I get more information?
  2. How did this theft occur?
  3. What personal information was on the USB drive?
  4. Why was Charter College of Education using personal information?
  5. Was the personal information on the USB drive encrypted?
  6. Why was my unencrypted personal information on this USB drive?
  7. I received a notification by letter about this incident. Does that mean that someone actually got my information?
  8. I haven't received an official notification letter or e-mail from Cal State L.A. about this incident, but I want to confirm whether I am an affected individual. How can I do this?
  9. How can I speak to someone directly by phone?
  10. Will I be getting a call from the University?
  11. Will this incident affect my ability to obtain a teaching credential or teaching job?
  12. What can I do to protect myself if the thief or thieves obtained my information?
  13. Do I need to obtain a credit report from all three agencies, or is querying one sufficient?
  14. If I see something suspicious on my credit report, Social Security report, or banking statement, whom should I contact to investigate the activity?
  15. Will the University pay for my credit report?
  16. Are there negative consequences for placing a fraud alert?
  17. As a result of this incident, what is Charter College of Education doing to minimize theft of personal information?
  18. What disciplinary action is being taken against the person whose USB drive was stolen?

 

  1. I have reviewed the information security incident website, but still have questions. How can I get more information?
    For additional assistance, call Charter College of Education at (323) 343-4300 
    Back to top.

  2. How did this theft occur?
    An employee’s personal USB drive was in a purse that was stolen in the Norwalk area. The theft was reported to the police.
    Back to top.

  3. What personal information was on the USB drive?
    This information on the USB drive of 2,534 individuals included the names and Social Security numbers of faculty supervisors, and the first names, last names, Social Security numbers (SSNs), campus identification numbers (CINs), phone numbers, and e-mail addresses of applicants, students, and program completers.
    Back to top.

  4. Why was Charter College of Education using personal information?
    Charter College of Education deals with the California Commission on Teacher Credentialing, which requires the use of Social Security numbers of students and applicants.  In violation of University guidelines and standard practices, Charter College of Education was using Social Security numbers of faculty as identifying numbers. 
    Back to top.

  5. Was the personal information on the USB drive encrypted?
    No, but it should have been. In this case, University guidelines and standard practices were not followed.
    Back to top.
     
  6. Why was my unencrypted personal information on this USB drive?
    An employee copied student files onto her USB drive to work on them at home. Faculty information was inadvertently copied. The employee was not authorized to have unencrypted personal information of applicants, students, student completers, or faculty on her USB drive.
    Back to top.

  7. I received a notification by letter about this incident. Does that mean that someone actually got my information?
    There is no way of knowing if anyone actually retrieved or used your personal information from the USB drive. However, affected individuals should consider taking steps to protect themselves from possible fraud and identity theft.
    Back to top.

  8. I haven't received an official notification letter or e-mail from Cal State L.A. about this incident, but I want to confirm whether I am an affected individual. How can I do this?
    You can call Charter College of Education at (323) 343-4300.
    Back to top.

  9. How can I speak to someone directly by phone?
    Call Charter College of Education at (323) 343-4300.
    Back to top.

  10. Will I be getting a call from the University?
    The University will not call you about this incident unless it is in direct response to an inquiry from an affected individual. However, you may Charter College of Education at
    (323) 343-4300 for more assistance.
    Back to top.

    Caution: Be wary of individuals claiming to be affiliated with the University who may contact students, employees, and alumni asking for personal information such as Social Security numbers and credit card numbers with PINs. Do not release any private information in response to any contacts of this nature. Please be aware that Cal State L.A. will only contact those members of the campus community who are affected by this incident, and will only give information about the incident and resources to help prevent possible fraud or identity theft. The University will not ask for any personal confidential information unless it is in response to an inquiry from an affected individual.
    Back to top.

  11. Will this incident affect my ability to obtain a teaching credential or teaching job?
    Since teaching credentials require a Certificate of Clearance that is issued based upon an analysis of fingerprints as well as other identifying information, this incident should not affect your ability to obtain a teaching credential or teaching job. Nonetheless, we urge you to regularly obtain copies of your credit report and report any suspicious activity on your accounts immediately.
    Back to top.

  12. What can I do to protect myself if the thief or thieves obtained my information?
    Visit the State of California Department of Consumer Affairs Office of Privacy and Protection website at http://www.privacy.ca.gov/cover/identitytheft.htm for helpful information about protecting your identity. You should consider contacting the credit reporting agencies listed below to complete an automated phone-in fraud alert process. When you request a free fraud alert, the agencies will automatically place fraud alerts on your accounts listed with them, and will separately mail you a credit report at no cost. The telephone numbers and web addresses of the three major credit agencies are below. Please note the menu options for placing a fraud alert by phone.

          Equifax http://www.equifax.com
          (800) 525-6285   [select menu option 1]
       
          Experian http://www.experian.com
          (888) 397-3742 [select menu option 2 1 to hear recording of rights, or
          2 to skip recording ► 32]  

          TransUnion http://www.transunion.com
          (800) 680-7289 [select menu option 9]    
    Back to top.

  13. Do I need to obtain a credit report from all three agencies, or is querying one sufficient?
    When you place a free fraud alert with one of the credit reporting agencies, that agency is supposed to notify the other two agencies. To be on the safe side, it may be a good idea for you to contact all three. Fraud alerts will then be placed automatically on your accounts, and credit reports from the agencies will be mailed to you at no cost. The telephone numbers and web addresses of the three major credit agencies are below. Please note the menu options for placing a fraud alert by phone.

          Equifax http://www.equifax.com
          (800) 525-6285   [select menu option 1]
       
          Experian http://www.experian.com
          (888) 397-3742 [select menu option 2 1 to hear recording of rights, or
          2 to skip recording ► 32]  

          TransUnion http://www.transunion.com
          (800) 680-7289 [select menu option 9]    
    Back to top.

  14. If I see something suspicious on my credit report, Social Security report, or banking statement, whom should I contact to investigate the activity?
    The California Attorney General's website has some helpful hints on what to do if you suspect fraud or identity theft: http://caag.state.ca.us/idtheft/tips.htm. The State of California Department of Consumer Affairs Office of Privacy Protection also has various tips regarding identity theft: http://www.privacy.ca.gov/cover/identitytheft.htm. In addition, you can call your local law enforcement agency (e.g., city police department) to file a fraud report.
    Back to top.

  15. Will the University pay for my credit report?
    No, but when you place a fraud alert with one of the credit reporting agencies, you will receive a free credit report. The California Office of Privacy Protection recommends every individual request a copy of his or her credit report on a yearly basis. Each affected individual interested in checking their credit report will need to pay the applicable fees, as they would every year to protect their information. For more information, see the California Office of Privacy Protection website: http://www.privacy.ca.gov/sheets/cis1english.htm.
    Back to top.

  16. Are there negative consequences for placing a fraud alert?
    Fraud alerts are designed to protect potential and actual victims of fraud and/or identity theft, but please note that there may be some inconveniences to placing an alert. According the Federal Trade Commission’s website: “When a business sees the alert on your credit report, they must verify your identity before issuing you credit. As part of this verification process, the business may try to contact you directly. This may cause some delays if you're trying to obtain credit. To compensate for possible delays, you may wish to include a cell phone number, where you can be reached easily, in your alert. Remember to keep all contact information in your alert current.” [http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html#Whatisafraudalert]
    Back to top.
     
  17. As a result of this incident, what is Charter College of Education doing to minimize theft of personal information?
    Charter College of Education issued a reminder to all its faculty and staff about proper use of Social Security numbers and encryption of personal information. Every faculty and staff member is required to participate in ongoing information security training.
    Back to top.
     
  18. What disciplinary action is being taken against the person whose USB drive was stolen?
    Personnel matters are considered confidential, and therefore, Cal State L.A. cannot comment on specific disciplinary actions involving campus employees. However, please know that the University is addressing the situation appropriately.
    Back to top.