FBI Investigates Network Data Breach at Stanford

May 26, 2005
Security breach resulted in theft of Social Security numbers and other private data

PALO ALTO, California (AP) - The FBI is investigating a computer security breach at Stanford University that resulted in the theft of personal data - including letters of recommendation and Social Security numbers - for nearly 10,000 people.

The breach happened May 11, when someone from outside the university gained access to the school's network, Stanford general counsel Debra Zumwalt said Wednesday. The university would not say whether the breach happened as a result of a remote hacker, the physical theft of a laptop or other typical means of network penetration.

Stanford began mailing notifications Monday to about 300 recruiters and 9,600 others - mostly students - who visited the school's Career Development Center since 1996. The electronic dossiers generally did not include financial information such as credit card numbers or driver's license numbers.

The mailings complied with a state law that took effect in 2003 and requires organizations to notify California residents whenever personal data has been compromised. So far, school officials say, there's been no evidence of identity theft resulting from the breach.

When the university learned that someone had accessed the network, security officials temporarily disabled the career center's computers and reported the incident to the San Jose field office of the FBI.

"Protection of confidential information is a high priority of Stanford," Zumwalt said. "Since this incident, we have been working to understand this breach of our system and ways to prevent a reoccurrence."

The breach is the latest to affect a major California university. In one of the state's largest security breaches, the University of California, Berkeley warned 1.4 million Californians that a problem in October had exposed the names, addresses, Social Security numbers and birthdays of people who had participated in a state in-home care program.