Want CNET to notify you of price drops and the latest stories?

Laptop theft puts data of 98,000 at risk

PC stolen from UC Berkeley graduate admissions office held sensitive data on thousands of people, stretching back three decades.

Matt Hines Staff Writer, CNET News.com
Matt Hines
covers business software, with a particular focus on enterprise applications.
Matt Hines
2 min read
The University of California, Berkeley, is warning more than 98,000 people that the theft of a laptop from its graduate school admissions office has exposed their personal information.

An individual stole the computer from the offices of the school's Graduate Division on March 11, the university said in a statement released late Monday. Roughly one-third of the files on the laptop contained names, dates of birth, addresses and Social Security numbers of 98,369 graduate students or graduate-school applicants, it said. The files go back three decades in some cases.

"At this time, the campus has no evidence that personal data were actually retrieved or misused," the university said in the statement.

No incidents of identity theft have been reported related to the incident, it added. However, UC Berkeley is urging affected individuals to consider putting a fraud alert out at credit reporting agencies.

The data loss follows a string of high-profile incidents in which the personal information of U.S. citizens was exposed, notably consumer data broker ChoicePoint's admission that it had been duped into selling personal information on about 150,000 individuals to possible fraudsters.

The incident is the second recent loss of sensitive information at UC Berkeley. In August, an attacker broke into computers there and gained access to 1.4 million database records containing identity data.

UC Berkeley said it has already made an effort to notify all of the individuals affected by the data loss, as required by California law, and that it has set up a Web site to help answer questions about the incident. Because some of the files go back to 1976, though, the school said that officials may have difficulty tracking down some of the people affected.

The stolen computer contained information on most people who applied to Berkeley's graduate programs between fall 2001 and spring 2004, excluding law school students. It also held data on graduate students enrolled at Berkeley between fall 1989 and fall 2003, and on recipients of doctoral degrees between 1976 and 1999, and some other groups of people.

School officials highlighted the fact that most colleges and universities use Social Security numbers to mark student records, but did not pledge to put an end the practice, as Boston College and other institutions have done. This month, Boston College vowed to stop using Social Security numbers wherever possible after hackers gained access to information on more than 100,000 alumni in a security breach.

UC Berkeley said it has already taken extra measures to prevent similar data losses, such as putting encryption software on computers that store Social Security numbers and increasing security throughout its facilities. The school launched a policy requiring encryption of sensitive data stored on mobile devices last year, but officials said that the school has yet to achieve full compliance with that measure.