When the theft of a hard drive in January from the Office of Student Affairs potentially compromised the Social Security numbers of approximately 38,000 students, alumni, faculty and staff, Georgetown made national headlines for what was seen as lax security measures. Since then, although the university has attempted to protect potential victims from identity theft and has taken steps toward preventing similar incidents from occurring in the future, the theft has left a stain on the university’s record.

The hard drive, which was used to back up a computer that contained the billing information for several student services, was found missing from the office of Lynne Hirschfeld, senior business manager for the Office of Student Affairs, after winter break.

Approximately 7,700 current students — 55 percent of the total student body — had their information stored on the drive, as it contained the Social Security numbers of students enrolled at Georgetown between 1998 and 2006. In addition, the data for about 25,000 alumni was stored on the stolen hard drive, which was not encrypted, according to David Lambert, chief information officer for University Information Services

The theft was reported to the Metropolitan Police Department and the Department of Public Safety when Hirschfield returned to her office after winter break, but the university community was not notified of the theft until a story about the incident was published in the Jan. 29 issue of the THE HOYA.

In the wake of the theft, the university has provided free credit monitoring for the individuals whose information was potentially compromised, and almost all have taken advantage of these services, according to university spokesperson Julie Bataille.

“Approximately 7,000 of those impacted are utilizing the credit monitoring services offered,” Bataille said. She added that there are no known cases of identity theft as a result of the theft.

“I think the most surprising thing is how widespread it was,” said Chris Piper (COL ’09), whose information was stored on the hard drive. “My brother, who graduated last year, got the same e-mail [concerning the theft of his security number] as I did. The fact that it affected almost 40,000 people is discouraging.”

As a result of the theft, University President John J. DeGioia charged Senior Vice President Spiros Dimolitsas with creating a task force on data security, according to Bataille. The purpose of the task force is to “determine vulnerabilities and put in place measures to securely protect electronic data,” she said. She could not disclose any information about the task force’s progress because of the sensitivity of the information.

“Since the creation of the task force, more than 150 staff members have been actively engaged in assessing business processes and systems on their campuses and within their areas of responsibility,” Bataille said. “A lot of work has been done to identify issues and put in place measures to protect electronic data.”

The university task force plans to continue its work throughout the summer and into the fall and hopes to eventually implement new business procedures and data security for faculty and staff.

The university has also taken some immediate steps toward improving data security on and off campus. These include moving electronic data to secure storage areas, providing secure laptops for employees whose job responsibilities require travel and remote access to protected electronic data and revising the interim Internet security policy for the university.

Despite these measures, some still feel that once burned, twice shy.

“It definitely makes me nervous,” Katie Suter (COL ’11) said. “The university has so much of our private information. I don’t like the idea of even something like my name and address being stolen. I’m an 18-year-old girl, and I wouldn’t feel safe if someone knew where I lived.”

Many others have criticized the university’s use of Social Security numbers as personal identifiers. Before the theft, Georgetown has been trying to move away from identifying students based on their Social Security numbers. Since 1999, students have begun using their GOCard numbers and NetIDs as personal identifiers to reduce the use of Social Security numbers in data storage.

But some students feel that instead of reducing the use of them, the university should strike Social Security numbers from their records altogether.

“It definitely doesn’t make me feel any more comfortable,” Jill Dunning (SFS ’10) said.