Washington State University (WSU) is committed to protecting the security and confidentiality of all personal information entrusted to it. Regrettably, the University was involved in a security incident involving certain community members’ personal information in April 2017.
On April 21, we learned that a locked safe containing a hard drive had been stolen. The hard drive was used to store backed-up files from a server used by our Social & Economic Sciences Research Center (SESRC). Immediately upon learning of the theft, we initiated an internal review and notified local law enforcement.
On April 26, we confirmed that the stolen hard drive contained personal information from some studies and evaluations conducted by the SESRC. As a result, we retained a leading computer forensics firm to assist in the investigation. The drive contained documents that included personal information such as names, Social Security numbers and, in some cases, personal health information. Entities that provided data to the SESRC include school districts, community colleges, and other customers.
We take this incident very seriously. We notified impacted individuals so they could take steps to protect themselves and offered free credit monitoring and identity theft protection services to those individuals whose personal information may have been accessed. We also notified the entities that provided SESRC with data that included personal information.
As president of Washington State University, I deeply regret that this incident occurred and am truly sorry for any concern it may cause our community. The University is taking steps to help prevent this type of incident from happening again. These steps include strengthening our information technology operations by completing a comprehensive assessment of IT practices and policies, improving training and awareness for University employees regarding best practices for handling data, and employing best practices for the delivery of IT services.
WSU mailed letters to affected individuals on June 9 and established a dedicated call center to answer any questions. This call center is now closed. If you have questions regarding this incident, please address them to firstname.lastname@example.org.
Kirk H. Schulz
Vice President for Information Technology Services and CIO