A laptop containing the personal information of roughly 100,000 students, alumni, and past applicants was stolen several weeks ago from a UC Berkeley office. Why did they wait until yesterday to report it? Well that is what the law says they can do. Unfortunately, the harm has already been done.
Is this waiting period designed to give police time to catch perpetrators, or as a preventitive measure for otherwise terrible PR?
Identity thieves come and go like the wind, a fact pointed out very clearly in Drug dealing is big business…so is Phishing. By the time the investigators start investigating, identity thieves are selling black market goods purchased with stolen credit card numbers. Let two weeks go by, and the perps are likely on to their next target, having mined 100,000 records with robotic efficiency, and sold the remaining names to a colleague.
As if a waiting period is going to lower the awareness of an investigation, making the thieves think they just got away with something and nobody knows it…it just doesn’t make sense. In fact, it sounds downright asinine. A day or two goes by, and the perps are gone, not to mention that data is very easy to pass on to others – it could have been done hours after the box was nabbed. Someone needs to make an adjustment, and fess up to the fact they can’t be trusted with others’ data.
Read SF Gates view of this matter at Stolen UC Berkeley laptop exposes personal data of nearly 100,000, and the Slashdot crowd’s opinion on the matter at Berkeley Grads’ Identity Data Stolen.