A professor on holiday in Madagascar lost a USB drive containing personal data on ~8,000 students, and another one stolen from a Michigan university contained info on ~3,000 students. Both incidents exposed students' names and Social Security Numbers, and could potentially lead to identity theft.
We hear about these kinds of incident because the organizations have to inform the data subjects, and word either leaks out to the media and public or they come clean through press releases.
We don't often hear about such incidents:
- in places where there is no compulsion to inform data subjects about them
- where the loss is unnoticed or goes unreported
- involving loss/disclosure of proprietary or military as opposed to personal information
- on a smaller scale, where it is not considered so newsworthy
... in other words, it's even worse than it seems. USB flash memory drives should be routinely encrypted.