SunGard Higher Education has concluded a comprehensive forensic analysis of the back-up of the data contained on the stolen laptop. A leading consulting and computer forensics firm, Stroz Friedberg LLC, was retained to assist in completing this forensic analysis.
All institutions for which personally identifiable information was found on the laptop have been notified, and they in turn have notified the affected individuals. In addition to working with each institution to support the notification process, SunGard Higher Education has offered a range of services such as two years of credit monitoring for affected individuals, help desk support, and a website containing information on the incident and the steps people can take to help protect against the potential misuse of personally identifiable information.
SunGard Higher Education takes the protection of personally identifiable information and data security very seriously. In addition to strengthening our existing policies we have implemented additional measures to help ensure that personally identifiable information, whether belonging to customers or employees, is protected from theft and accidental or unauthorized disclosure. Specifically, SunGard Higher Education is working to ensure that all personally identifiable information stored on desktops, laptops, and other portable devices, is located and either erased or protected through encryption. In addition, SunGard Higher Education has completed the deployment of full-disk encryption technology to desktop and laptop computers issued by the company. We have also put in place several audit processes to ensure that employees have safeguarded personally identifiable information in compliance with company directives. These steps, and additional measures, illustrate the importance SunGard Higher Education attaches to information security.
We deeply regret the incident, apologize unreservedly to the customers and individuals affected for the inconvenience that we have caused, and remain committed to supporting their needs.
Frequently Asked Questions:
What happened? (updated 6/12/08)
A laptop belonging to an employee at SunGard Higher Education was stolen on March 13, 2008. Law enforcement has been notified of the theft but the laptop has not been recovered. The laptop, however, was protected with a strong password. After a complex analysis of a backup of the computer, SunGard Higher Education found that the stolen laptop contained personally identifiable data. Security teams from affected institutions and SunGard Higher Education worked together to analyze and verify the data and notify affected individuals.
Has my personal information been stolen? (Updated 9/2/08)
We are not aware of any misuse of personally identifiable information. Individuals affected by this incident were provided with credit monitoring services through Experian. We encourage anyone concerned with protection of his or her identity to visit http://www.idtheftcenter.org.
Why was my information on this laptop? (Updated 5/13/08)
The employee’s job included analysis of customer data as part of software implementation and upgrade projects. That being said, contrary to company policy, the laptop did contain unencrypted (readable) personally identifiable information.
Do you know who stole the laptop? (updated 6/12/08)
No, unfortunately the investigation has not yet resulted in identification of the thief or recovery of the laptop.
What steps did SunGard take in response to the incident? (New 5/8/08)
Based on the complex nature of the data, a great deal of investigative and reconstructive work was needed before SunGard Higher Education could accurately identify and notify affected institutions and individuals. The most time consuming work involved the manual review of thousands of files.
I have not received a notification about the privacy incident. Does that mean that I am not affected? (Updated 9/2/08)
Affected institutions have sent letters or email notifications to the affected individuals from their institutions. Affected individuals should have received notices by now. If you did not receive a letter and remain concerned that you may have been affected, you may request information by calling our toll free hotline, 866.520.2408.
Has anybody reported identity theft? (Updated 9/2/08)
To date, we have no confirmed reports of any misuse of personally identifiable information directly related to this laptop theft. We provided a range of services to individuals affected by the laptop theft including call center support, website support, credit monitoring and a recommendation that individuals request and review a copy of their annual free credit report.
What steps are being taken to prevent another similar incident? (New 5/8/08)
This data breach was the result of policies and procedures not being followed. That is unacceptable and has prompted SunGard’s CEO to order a top-to-bottom review of information security policies and procedures encompassing all business units and corporate departments. SunGard is working proactively to assure that personally identifiable information, whether belonging to our customers or our employees, is protected from theft and accidental or unauthorized disclosure. SunGard has continued to take the steps necessary to minimize the likelihood of such an incident occurring again. Our desired goal is to develop and implement the best security measures in the industry. For more information regarding the Task Force created for this purpose please see “SunGard Creates Information Security Task Force."
If I am affected, what should I do? (Updated 9/2/08)
Individuals affected by this incident were provided with credit monitoring services through Experian.
We encourage anyone concerned with protection of their identity to request a free credit report from one of the three major credit reporting agencies through www.annualcreditreport.com and review it for any irregularities or accounts that you don’t recognize. Since identity theft is a fast growing crime in the U.S., this is a good practice to do on a regular basis anyway. For instructions, please review the “Protecting Your Credit” section on this site.
What company was selected to provide credit monitoring? (Updated 9/2/08)
ConsumerInfo.com, Inc., an Experian® company was selected to provide affected individuals with a suite of credit monitoring services, free of charge. This credit monitoring product known as Triple AlertSM will identify and notify affected individuals who register for this service of key changes in their three national credit reports that may indicate fraudulent activity. SunGard Higher Education provided affected individuals who register with 2 years of credit monitoring support services. Memberships activated by affected individuals prior to 5/7/08 will automatically convert to a 2 year membership.
Complimentary 2 year membership for affected individuals includes:
- Monitoring all three credit files with Experian, Equifax® and TransUnion® – everyday
- Email alerts of key changes indicating possible fraudulent activity – within 24 hours
- Monthly “No Hit” alerts, if applicable
- Dedicated team of fraud resolution representatives for victims of identity theft
- $25,000 identity theft insurance with no deductible*
*Due to New York state law restrictions, identity theft insurance coverage cannot be offered to residents of New York.
Affected individuals had until August 31, 2008 to activate these services.
How do I request a copy of my credit report? (new 5/8/08)
You can request a free copy of your credit report once a year from each of the three main credit bureaus through the Annual Credit Report Request Service by calling (877) 322-8228 or visiting www.annualcreditreport.com. Many people choose to stagger their requests so they receive a copy from one of the agencies every four months. Please visit Requesting a Copy of Your Credit Report for more information.
What should I look for in my credit report?
In your credit report, be alert for any suspicious activity. Look especially for any accounts you didn’t open and any charges you didn’t make. Look at the inquiries or requests section for names of creditors from whom you haven't requested credit. Look in the personal information section to confirm the accuracy of addresses where you have lived and your Social Security number. Any suspicious activity in these areas may be indications of a fraud attempt. Also be alert for calls from creditors or debt collectors about bills that you don't recognize and for unusual charges on your credit card bills.
What if I find a problem in my credit report? (Updated 9/2/08)
Individuals affected by the laptop theft were provided with credit monitoring services through Experian. If you find anything that looks wrong or suspicious, put your credit monitoring service to work and contact Experian. They will assign a case worker to help you. Experian is the only credit bureau that allows online disputes for fraudulent activity or if a consumer disagrees with an item on his or her credit report. In addition, SunGard Higher Education will work with law enforcement to investigate any suspected incidents of identity theft. Please call the information center at 1.866.520.2408 to report any such suspected activity.
How do I place a fraud alert on my credit file? (new 5/8/08)
By placing a fraud alert on your consumer credit file, you let creditors know to watch for unusual or suspicious activity in any of your accounts, such as someone trying to open a credit card account in your name. Please visit Placing a Fraud Alert on Your Credit File for more information.
Can I extend a fraud alert placed on my credit file? (new 5/8/08)
You may extend a free 90-day fraud alert by reinstating the alert when it expires. There is no limit to the number of times a free alert can be placed on your account, but the responsibility for reinstating the alert rests with you. Please visit Extending a Fraud Alert for more information.
What is a security freeze and how do I place one on my credit file? (new 5/13/08)
A security freeze means that your credit file cannot be shared with potential creditors or other persons considering opening new accounts unless you decide to unlock your file by contacting a credit reporting agency and providing a PIN or password. Most businesses will not open credit accounts without first checking a consumer’s credit history. If your credit files are frozen, even someone who has your name and Social Security number would not likely be able to get credit in your name. Please visit Placing a Security Freeze for additional information.
Will someone call me to confirm that my information has been stolen?
SunGard Higher Education will NOT make personal phone calls to affected individuals about this incident. In other cases of identity theft, people have reportedly been contacted by individuals claiming to represent the affected organization and then proceed to ask for personal information, including social security numbers and/or credit card information. Please always be cautious if somebody asks you for your Social Security number, credit card information, bank information or other personal information in a call that you did not originate. We recommend that you do not release personal information in response to any contacts of this nature that you did not initiate yourself.
Because identity theft crimes are on the rise, we recommend that everyone in our higher education community understand the precautionary steps outlined on this website to help guard themselves against potential identity theft.
Other Resources:
Fraud Alerts, Security Freezes, and Other Information
Resource Links
The privacy of your personal information is important to SunGard. Visit SunGard’s Privacy Policy to learn how we respect your privacy.
Updated September 2, 2008