This week’s rather classic breach involves The Beijing Center for Chinese Studies, who notified applicants to its programs that their personal information may now be compromised due to a stolen laptop.

According to the entry at DataLossDB, BCCS International Director Roberto Ribeiro sent a letter to at least one Attorney General (New Hampshire), alerting about the theft, after sending letters to all affected applicants. The content of that particular AG letter is posted, as well as the letter that was mailed to victims.

1. A laptop was stolen from a locked facility on October 15, 2009.
2. It contained personal information such as Social Security Numbers, and other sensitive information.
3. Those affected include all applicants to The Beijing Center from 1994 to 2006.
4. The data wasn’t encrypted. There is no mention of tracking or deletion capabilities for the laptop.
5. The BCCS is sorry about this and has now implemented some security controls.
6. Victims get a one-year credit monitoring subscription.

It really is a classic, textbook incident, including the decision now to better protect data on mobile devices, rather than before one walked out the door. It’s not actually clear how many individuals were affected, so it is difficult to estimate how much credit monitoring services and printing/postage costs for notification are costing the BCCS. Safe guess: the costs are a whole lot more than the cost of the laptop itself, or of solutions like MyLaptopGPS.

Many thanks go kirniki over @ DataLossDB for the tip.