UTPA acknowledges personal employee information missing on portable hardware device

EDINBURG — The University of Texas-Pan American acknowledged on Thursday that an employee recently lost a mobile drive device containing the names, Social Security numbers and salaries of about 1,500 full-time employees.

“It is an incident, it’s not a breach,” said James Langabeer, vice president for business affairs.

“A breach is when someone takes something out of your computer and deliberately takes it from you. If you lose it, it’s an incident.”

As of Thursday, university staff said they had not heard of any misuses of the information on the portable hard drive. The university employs about 2,200 full-time workers. (Read the letter sent out by the university)

“It isn’t a heinous crime by someone that is out to get us,” Langabeer said.

Langabeer declined to say what department the employee worked in, but that the person would not be disciplined.

“We do (know), but it doesn’t really make a difference,” he said.

“An accident is an accident. I don’t want anybody to get accused of something or have any more hurt feelings that they have now.”

The employee took the hard drive home to do work the weekend of June 2-3 and discovered it lost June 4. University police were notified June 5, according to a statement released early Thursday afternoon by the university relations office. The affected employees and the University of Texas System were also notified. (Read the statement released by UTPA)

The UTPA situation could mean a change in the future for workers.

Langabeer said he is considering enforcing a policy not allowing employees to work at home but rather on the campus’ secure technology system. (Read about precautionary measures)

“It’s going to take longer to produce reports and all,” he said.

“We are not going to gain by this and I don’t think there’s any risk involved in this. It will be a change to how people work. These are people that put in 10- to 12-hour days.”

On June 1, the UT system unveiled online information security practice bulletins for its member campuses to follow. The first bulletin posted has required encryption be used when storing confidential information on non-university technology.

UTPA’s incident is part of a string of information security problems at higher education institutions in recent days.

Last month, Grand Valley State University in Michigan acknowledged about 3,000 records containing Social Security numbers from current and past students in the English department was stolen, according to WOOD TV-8 in Grand Rapids, Mich.

And last week, The University of Iowa notified about 1,000 students and applicants in the molecular and cellular biology program, as well as 100 faculty members, about what officials thought was a Web site security breach in mid-May, according to the Iowa City Press-Citizen.

Affected UTPA employees are advised to obtain credit reports in two months, and in six months to check that their financial information is correct.

The Federal Trade Commission also has information on identify theft people can access, at www.ftc.gov/bcp/edu/microsites/idtheft.

——

Daniel Perry covers education and general assignments for The Monitor. You can reach him at (956) 683-4454. For this and other stories, visit www.themonitor.com.