Tulane University’s breach report to the NH AG’s Office
As an update to the Tulane University incident where a laptop with W-2 data was stolen from an employee’s car while he was traveling out of town:
Tulane’s notification to the New Hampshire Attorney General’s Office provides some additional details on the incident.
- The employee had the data on a laptop because he was supposed to work on it over the winter break to prepare the W-2’s.
- The laptop was in a briefcase stolen from his (then unoccupied) car while he was away.
- The data were unencrypted.
While the explanation seems like a reasonable explanation as to why the data should have been with the employee over break, it does not provide any adequate explanation of why the data weren’t encrypted and why the employee would just leave a laptop in a car – even in a locked trunk. Haven’t there been enough stolen laptop stories in the news the past few years to make everyone aware of the risks?