CEDAR FALLS, Iowa (AP) - A state audit shows the University of Northern Iowa has unencrypted laptops and portable devices that could pose a risk for identity theft, but school officials say they doubt it was the source of a recent such incident at the university.
The report released last July said encryption software had not been installed on all laptop computers and portable storage devices that could store sensitive information, the Waterloo-Cedar Falls Courier reported (http://bit.ly/OA3Azn ). This includes USB drives.
Dozens of university employees have said they’re victims of identity theft that was discovered after they filed their taxes this year. UNI officials later announced a data breach at the Cedar Falls school, and told all employees to assume they’ve been affected.
UNI officials don’t know where the breach occurred. Still, UNI spokesman Scott Ketelsen said there’s no reason to believe an unencrypted laptop used by an employee is the source. He said the school’s information technology department has been using special software for years that scans and locates sensitive information on computers.
“All the machines that have even a remote chance of any kind of personal or sensitive information on it have been encrypted since 2006,” he said.
Auditors recommended that all portable devices, included those used by students, be encrypted. But school officials say it would be “prohibitively expensive” to do so, and many personal laptops don’t have sensitive university data.
The data breach case remains under investigation. The school has hired a security firm to provide services.
“Obviously, we feel it should be done as quickly as possible,” he said. “Encryption of any personal data is extremely important whether with a university, private sector entities or anybody.”
Information from: Waterloo-Cedar Falls Courier, http://www.wcfcourier.com