“There was no password protection,” admitted Bancroft Deputy Director Peter Hanff in the November 23 San Francisco Chronicle. “We thought it was fire-walled from the outside.” Robert Richardson, editorial director of the Computer Security Institute in San Francisco, told the Chronicle that the lack of password software means “there’s probably no trail” of who entered the computer system without authorization.
The university police department confirmed to the newspaper that no criminal investigation is being conducted—a fact that troubles Elizabeth Salazar, a nonuniformed employee of the San Francisco Police Department whose 1994 Bancroft visit was documented in the visitor database. “Now I know they were putting my information in a database without informing me,” she said, adding, “I know full well how devastating identity theft can be. I think this is an extremely important case.” Other concerned patrons have contacted Bancroft officials from as far away as France and Australia.
The library is rectifying the online security problem by adding a password system, and it has done away with the practice of recording driver’s license numbers.
Posted November 26, 2003.