A virus recently infected a laptop owned by Oklahoma University that stored files with student names and Social Security numbers, and the school waited two weeks after its discovery to inform the affected people of the security breach.
According to a report in the Oklahoman, a newspaper in Oklahoma City, the university's information technology department discovered the virus on the laptop on June 10, and realized that the files containing students' personal information may have been compromised. However, it waited until June 24 to send out a mass email informing students and faculty of the breach. It also warned them about the dangers that viruses and malware carry, and offered tips to protect themselves.
School officials told the paper that there was no known identity theft as a result of the breach at this point, but the problem may be more widespread than it was originally thought.
"While the University is not aware of any specific misuse or conversion of this information as a result of the unauthorized access, the OU Information Technology Department did discover unusual internet activity associated with a laptop computer connected to the network and being used by an employee in the bursar's office," the school's vice president of communications said in an email to the Oklahoman.
She further added that the affected students and faculty were given information on how to get free fraud alerts, and that the university also offered to pay for another year of coverage after the initial alerts expire. However, the school can't be sure that students are completely insulated from the threat of identity theft.
College students are frequently targeted by identity thieves because, while a growing number have credit cards, most do not have a significant credit history. This may make it easier for thieves to get accounts in their names. Those that are affected by identity theft should take steps to help stamp out the threat that they will have their information used to make fraudulent purchases.
Identity theft victims should alert their lenders and the credit bureaus that their information has been stolen. This will help those companies to not only be aware of the potential for fraudulent charges on existing cards, but also the possibility that new accounts could be opened. In addition, victims should alert their local police departments and district attorneys to the problem.