Stolen UC Berkeley Laptop Exposes Personal Data on 100,000

Thief was able to walk into campus office and walk out with personal info on thousands


SAN FRANCISCO (AP) - A thief recently walked into a University of California, Berkeley office and swiped a computer laptop containing personal information about nearly 100,000 alumni, graduate students and past applicants, highlighting a continued lack of security that has increased society's vulnerability to identity theft.

University officials waited until Monday to announce the March 11 crime, hoping that police would be able to catch the thief and reclaim the computer. When that didn't happen, the school publicized the theft to comply with a state law requiring consumers be notified whenever their Social Security numbers or other sensitive information have been breached.

The law is meant to alert people that their personal information could be used by scam artists to obtain loans or conduct other business under an assumed identity.

UC Berkeley plans to advise the 98,369 people affected by the laptop theft to check their credit reports, although there has been no indication any of he personal information has been used illegally, university spokeswoman Maria Felde said.

"The campus really regrets this happened and is taking steps to strengthen security in the future," Felde said. The university has set up a hotline, 1-800-372-5110, and a Web site, http://newscenter.berkeley.edu/security/grad/ to answer questions about the laptop theft.

The UC Berkeley incident follows several other high profile instances in which businesses and schools have lost control of personal information that they kept in computer databases.

Recent breaches have occurred at: ChoicePoint Inc., a consumer data firm duped into distributing personal information about 145,000 people; Lexis-Nexis, a data storehouse where computer hackers obtained access to the personal information of 32,000 people; and Chico State University, where a computer hacking job exposed 59,000 people to potential identity theft.

Universities have accounted for 28 percent of the 50 security breaches of personal information recorded by California since 2003, said Joanne McNabb, the chief of the state's Office of Privacy Protection. That's more than any other group, including financial institutions, which have accounted for 26 percent of the breaches affecting Californians.

This is the second time in six months that UC Berkeley has been involved in a theft of personal information. Last September, a computer hacker gained access to UC Berkeley research being done for the state Department of Social Services. The files contained personal information of about 600,000 people. That security breach hasn't been linked to any cases of identity theft, Felde said.

The risks of identity theft have risen in recent years as technological advances make it easier for businesses, schools and other organizations to create vast databases containing Social Security numbers, credit card account numbers and other personal information.

All that valuable data has turned the computer storehouses into inviting targets for thieves who frequently don't have to work too hard to pull off their crimes.

Computer hackers create some of the mischief by circumventing high-tech firewalls, but 58 percent of the breaches recorded by California officials have occurred after a computer or other device containing personal information is lost or stolen, McNabb said.

The security risks of these incidents could be minimized if the caretakers of the personal information encrypted the sensitive information - a process that makes it virtually impossible to read the data without a special code.

This content continues onto the next page...