Thousands of Central New Mexico Community College students could be at risk of having their personnel information compromised.
The college said someone from the health center reported in July that a thumb drive with students’ birth dates and Social Security numbers was missing. The college does not know what happened to it.
Read more on KOAT.
And exactly what were unencrypted SSN doing on a thumb drive?
If the data were from the student health center, these records are most likely covered under FERPA, not HIPAA, unless the health center treated non-students, in which case, HIPAA would likely apply.
Update: CNM subsequently stated that over 3,000 students were affected by the incident involving a thumb drive that went missing or was stolen in April. So the loss occurred in April, it wasn’t reported to the college until July, and students were first notified now?
And NO federal agency will do anything about this. Un-effing-believable.