40,000 Chicago Teachers Furious Over Stolen Laptops

April 20, 2007

You think Bart Simpson makes his teachers mad?  That's nothing compared to the righteous anger of 40,000 Chicago public school teachers who have learned that their personal information, including their Social Security numbers, has been stolen – and blame the school district for the breach.

"I'm furious, I'm outraged, and I'm disgusted," Chicago Teachers Union President Marilyn Stewart told reporters for Chicago TV station WMAQ on April 9, upon learning of the data breach.  That outrage was triggered in part by the fact that the teachers' sensitive personal data had been downloaded to two laptop computers by consultants to the school district – computers that were then brazenly stolen by a thief with a backpack and, apparently, a lot of nerve.

Portable, lucrative, gone

School officials reportedly have surveillance footage of the thief on the 13th and 16th floors and leaving the school district building.  They even have a couple of possible names, and a pretty good idea of how the thief got in.  What they don't have is the thief, nor the laptops – which angry teachers say should never have contained their personal information in the first place.

Stewart's own independent security consultant, Dan Yost, stated unequivocally that the school board had no business maintaining employee databases with Social Security numbers – let alone letting consultants download that information to a target as vulnerable and attractive as a laptop computer.  "40,000 Social Security numbers with names on a couple of machines makes a pretty lucrative high-reward asset for the thief," said Yost.

And Stewart herself minced no words in placing responsibility for the breach at the very top: Chicago Public Schools CEO Arne Duncan.  "If Arne Duncan cannot guarantee our protection and our privacy," insisted Stewart, "he should not have that job."  Rank-and-file teachers in Chicago felt similarly betrayed.  "How could your employer, the person you trust, let this happen to you?" asked teacher Caryn Block.  Teachers were also livid that they weren't told of the breach until almost 9:00 pm, more than nine hours after the theft occurred.

Progress in the case...but what about establishing better data security?

The school district is circulating a photo of the suspect and offering a $10,000 reward for information leading to an arrest.  Besides the existence of the surveillance video, there is one other piece of good news: One of the stolen laptops is equipped with biometric fingerprint-based encryption, which will make the sensitive data more difficult for identity thieves to retrieve.

Trying to put the best possible face on the situation, Duncan noted, "In fact, there's several very promising leads, and we're encouraged by the progress that is being made in this case."  For his part, Chicago School Board President Rufus Williams stuck up for the consultants who downloaded the teachers' sensitive employee information to their own laptops – then managed to get them stolen.  "You may not carry all of your family's information on a laptop," said Williams, "but I guarantee that if you take out your cell phone, you've got information there that is sensitive – that you may lose."  He's right about that – just ask Paris Hilton.

A few suggestions

Chicago Teachers Union President Marilyn Stewart had the right idea.  After consulting with a security expert, she was able to give Chicago Public Schools crucial pointers on protecting its employees' privacy from now on, according to the April 16 Chicago Sun-Times:

• Stop using Social Security numbers as a means of identification! Establish a different way to identify employees.
• Make better use of data encryption, tracking and recovery/deletion software.

If only other organizations had someone like Marilyn Stewart to stand up for their data protection. Let's hope Chicago's schools – and others – take her advice.