Identity Theft at the McCombs School of Business - MOR Associates
Identity Theft at the McCombs School of Business - MOR Associates
Identity Theft at the McCombs School of Business - MOR Associates
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
David Burns<br />
Director, Computer Services<br />
<strong>McCombs</strong> <strong>School</strong> <strong>of</strong> <strong>Business</strong><br />
The University <strong>of</strong> Texas <strong>at</strong> Austin
Austin American-St<strong>at</strong>esman, April 24, 2007<br />
6/4/09 Educause Southwest Regional<br />
2
April 21<br />
6000<br />
Records<br />
April 22<br />
16,000<br />
Records<br />
April 23<br />
250,000<br />
Records<br />
April 24<br />
April 25<br />
• Discovery<br />
• ISO<br />
Meeting<br />
• Conn Call<br />
• Press<br />
Planning<br />
• Really Bad<br />
News<br />
• Conn Call<br />
• Press<br />
Conference<br />
• Web Site<br />
• News<br />
Reports<br />
• Call Center<br />
• Response<br />
Planning<br />
• Email<br />
Notific<strong>at</strong>ion<br />
• Committee<br />
Formed<br />
6/4/09 Educause Southwest Regional 3
First Press Reports<br />
197,000+<br />
Compromised records<br />
106,000<br />
SSNs exposed<br />
Final Numbers<br />
173,000<br />
Compromised records<br />
84,000<br />
Compromised SSNs<br />
Response Center<br />
3,839<br />
Highest number <strong>of</strong> contacts<br />
to call center in one week<br />
1,634<br />
Highest number <strong>of</strong> online<br />
inquiries received in a day<br />
6,000<br />
E-mails or follow-up calls<br />
made by <strong>the</strong> response<br />
center<br />
6/4/09 Educause Southwest Regional 4
Individual Communic<strong>at</strong>ions<br />
200,000<br />
Approxim<strong>at</strong>e number <strong>of</strong><br />
individuals contacted<br />
169,264<br />
Official notific<strong>at</strong>ion letters<br />
155,000<br />
Emails Sent by day 4<br />
30,000 bounced<br />
Affected Popul<strong>at</strong>ions<br />
Alumni<br />
Faculty<br />
Staff<br />
Undergradu<strong>at</strong>e Majors<br />
Gradu<strong>at</strong>e Students<br />
Non-<strong>Business</strong> Students<br />
Applicants<br />
Prospects<br />
Recruiters<br />
6/4/09 Educause Southwest Regional 5
May<br />
June<br />
July<br />
August<br />
• Notific<strong>at</strong>ion<br />
Letters<br />
• Outside<br />
Consultants<br />
• VA Breach<br />
• The Dead<br />
• University<br />
Policies<br />
• New CIO<br />
• Returned<br />
Mail<br />
• Web Site<br />
• Call Center<br />
• Angriest<br />
People<br />
• Bre<strong>at</strong>h
1. Everything you do is wrong<br />
“It’s not about making <strong>the</strong> right decision, but about<br />
making your decisions right. Good leaders<br />
manage <strong>the</strong> consequences <strong>of</strong> decisions.”<br />
- Alison Davis-Blake<br />
Sr. Associ<strong>at</strong>e Dean<br />
<strong>McCombs</strong> <strong>School</strong> <strong>of</strong> <strong>Business</strong><br />
6/4/09 Educause Southwest Regional 7
1. Everything you do is wrong<br />
2. You won’t ever have enough inform<strong>at</strong>ion<br />
“The needs <strong>of</strong> <strong>the</strong> high-level decision makers for rapid<br />
assessment and action is m<strong>at</strong>ched only by <strong>the</strong>ir annoyance<br />
when details change or time/work is wasted. The pressure<br />
to deliver answers to wickedly complex problems in a very<br />
short time is intense.”<br />
- Me<br />
6/4/09 Educause Southwest Regional 8
1. Everything you do is wrong<br />
2. You won’t ever have enough inform<strong>at</strong>ion<br />
3. Any time you try to paint a rosy picture you<br />
will get spl<strong>at</strong>tered<br />
“Many <strong>of</strong> <strong>the</strong> people you are reporting to will almost always<br />
be looking <strong>at</strong> <strong>the</strong> most optimistic side <strong>of</strong> things. Th<strong>at</strong> won't<br />
be an outlook you'll share, although <strong>the</strong> tempt<strong>at</strong>ion to<br />
deliver good news is strong and best avoided.”<br />
- Me<br />
6/4/09 Educause Southwest Regional 9
1. Everything you do is wrong<br />
2. You won’t ever have enough inform<strong>at</strong>ion<br />
3. Any time you try to paint a rosy picture you will<br />
get spl<strong>at</strong>tered<br />
4. Pr<strong>of</strong>essional Crisis = Personal Problem<br />
6/4/09 Educause Southwest Regional 10
1. Everything you do is wrong<br />
2. You won’t ever have enough inform<strong>at</strong>ion<br />
3. Any time you try to paint a rosy picture you will<br />
get spl<strong>at</strong>tered<br />
4. Pr<strong>of</strong>essional Crisis = Personal Problem<br />
5. You Are NOT Alone<br />
6/4/09 Educause Southwest Regional 11
1. Everything you do is wrong<br />
2. • You Know won’t Who ever <strong>the</strong> have Players enough Are! inform<strong>at</strong>ion<br />
3. • Any Be time familiar you with try to <strong>the</strong> paint high a levels rosy picture <strong>of</strong> <strong>the</strong><br />
you campus will get org spl<strong>at</strong>tered chart<br />
4. • Pr<strong>of</strong>essional Be familiar with Crisis who = Personal <strong>the</strong> people Problem are<br />
5. You who are actually not alone do stuff or have a lot <strong>of</strong><br />
pull.<br />
6/4/09 Educause Southwest Regional 12
Office <strong>of</strong><br />
<strong>the</strong><br />
President<br />
Public<br />
Affairs<br />
Legal<br />
Affairs<br />
CFO<br />
Student<br />
Affairs Development Provost<br />
CIO<br />
<strong>McCombs</strong><br />
ISO<br />
ID <strong>Theft</strong><br />
Resource<br />
Center<br />
FTC<br />
Public<br />
Rel<strong>at</strong>ions<br />
Consultants<br />
Public<br />
Rel<strong>at</strong>ions<br />
ITS<br />
Graphic<br />
Designers<br />
Credit<br />
Agencies<br />
Credit<br />
Monitoring<br />
Firms<br />
Computer<br />
Services<br />
EIS<br />
Printing<br />
Companies<br />
Media<br />
Consultants<br />
Resource<br />
Dev<br />
WES<br />
User<br />
Services<br />
6/4/09 Educause Southwest Regional<br />
13
“Crisis” ≠ “Happy-Fun-Time”<br />
Intensity Varies Like Gravity<br />
Random Unpredictability<br />
Playing with Real Money<br />
Ambiguity Intolerant<br />
Crisis in IT is EXTRA Fun<br />
Confined Expertise<br />
N th Degree Complexity<br />
Peculiar Personalities<br />
Spectacular Harm<br />
Crisis Management<br />
Phases<br />
6/4/09 Educause Southwest Regional 14
“We’re very concerned<br />
about this breach <strong>of</strong> security.<br />
We take it extremely<br />
seriously and we take<br />
responsibility for it.”<br />
“We’re doing everything we<br />
can to protect <strong>the</strong> people<br />
who’s d<strong>at</strong>a may have been<br />
exposed”<br />
Austin American-St<strong>at</strong>esman, April 24,<br />
2007<br />
6/4/09 Educause Southwest Regional<br />
15