What happened? Thieves stole the two laptops in early September. They were able to break into the office because it appears the lock mechanism on the office door malfunctioned. There was no sign of forced entry.
What kind of personal information? Social security numbers.
How many victims? An undisclosed number of students who enrolled in classes between the summer of 2004 and spring 2006.
What was the response? Students affected by the breach were notified on the weekend of Sept. 29. The university provided them with a website through which they could place a fraud alert on their accounts.
Details: Officials do not believe the thieves targeted the computers because of the sensitive information residing on them. Meanwhile, the university already has begun to limit the use of Social Security numbers in student files.
Ironically, Carnegie Mellon is the home to the Computer Emergency Response Team (CERT), part of the Software Engineering Institute. The institute serves as a federally funded research and development center. CERT coordinates communication among experts during cybersecurity emergencies.
Source: TheTartan.org (The Tartan); Oct. 8, "Professor's laptops stolen; contained unsecured student information."