Stolen laptop exposes data of 100,000

yahoo.com ^ | March 28, 2005 | MICHAEL LIEDTKE

[crushelits]

SAN FRANCISCO - A thief recently walked into a University of California, Berkeley office and swiped a computer laptop containing personal information about nearly 100,000 alumni, graduate students and past applicants, highlighting a continued lack of security that has increased society's vulnerability to identity theft.

University officials waited until Monday to announce the March 11 crime, hoping that police would be able to catch the thief and reclaim the computer. When that didn't happen, the school publicized the theft to comply with a state law requiring consumers be notified whenever their Social Security numbers or other sensitive information have been breached.

The law is meant to alert people their personal information could be used by scam artists to obtain loans or conduct other business under an assumed identity.

UC Berkeley plans to advise the 98,369 people affected by the laptop theft to check their credit reports, although there has been no indication any of he personal information has been used illegally, university spokeswoman Maria Felde said.

"The campus really regrets this happened and is taking steps to strengthen security in the future," Felde said. The university has set up a hotline, 1-800-372-5110, and a Web site, http://newscenter.berkeley.edu/security/grad/ to answer questions about the laptop theft.

The UC Berkeley incident follows several other high profile instances in which businesses and schools have lost control of personal information that they kept in computer databases.

Recent breaches have occurred at: ChoicePoint Inc., a consumer data firm duped into distributing personal information about 145,000 people; Lexis-Nexis, a data storehouse where computer hackers obtained access to the personal information of 32,000 people; and Chico State University, where a computer hacking job exposed 59,000 people to potential identity theft.

Universities have accounted for 28 percent of the 50 security breaches of personal information recorded by California since 2003, said Joanne McNabb, the chief of the state's Office of Privacy Protection. That's more than any other group, including financial institutions, which have accounted for 26 percent of the breaches affecting Californians.

This is the second time in six months that UC Berkeley has been involved in a theft of personal information. Last September, a computer hacker gained access to UC Berkeley research being done for the state Department of Social Services. The files contained personal information of about 600,000 people. That security breach hasn't been linked to any cases of identity theft, Felde said.

The risks of identity theft have risen in recent years as technological advances make it easier for businesses, schools and other organizations to create vast databases containing Social Security numbers, credit card account numbers and other personal information.

All that valuable data has turned the computer storehouses into inviting targets for thieves who frequently don't have to work too hard to pull off their crimes.

Computer hackers create some of the mischief by circumventing high-tech firewalls, but 58 percent of the breaches recorded by California officials have occurred after a computer or other device containing personal information is lost or stolen, McNabb said.

The security risks of these incidents could be minimized if the caretakers of the personal information encrypted the sensitive information — a process that makes it virtually impossible to read the data without a special code.

The laptop stolen from the UC Berkeley was supposed to be encrypted this month, Felde said. The computer, which required a password to operate, was left unattended for a few minutes in a restricted area of a campus office before someone walked in and stole it, Felde said. A campus employee witnessed the theft and reported it to university police.

Authorities suspect the thief was more interested in swiping a computer than people's identities. Felde said there been no evidence so far to indicate the stolen information has been used for identify theft.

The stolen laptop contained the Social Security numbers of UC Berkeley students who received their doctorates from 1976 through 1999, graduate students enrolled at the university between fall 1989 and fall 2003 and graduate school applicants between fall 2001 and spring 2004. Some graduate students in other years also were affected.

The stolen computer files also included the birth dates and addresses of about one-third of the affected people.

[Mannaggia l'America]

It looks like while everyone was worrying about security for "Windows", they ignored the security for "Doors". Buwahahaha!

[BurbankKarl]

someone should sue the university over this...it is criminal neglect.

[Peach]

Hasn't this been happening an awful lot lately?

[Mad_Tom_Rackham]

And Berkeley still wants to run the national labs at Livermore and Los Alamos. Ya sure. Time for the Berkeley Lefties to take their more than deserved seat on the bench.

[KoRn]

More than likely the thief was after the laptop and is(was) unaware of the information that's stored on it. My bet is that the laptop is sitting in some pawn shop right now, or tossed in a river after this publicity.

My big question would be why this kind of information is being stored on a user's PC?!?! That kind of information should only be kept on a server.....sure as hell not a laptop!

[BurbankKarl]

I received a notice from my life insurance agent saying they had a similar break in. They were required to contact every customer, and suggested you get in touch with the three credit agencies to lock down your credit report. (which I did)

[Fester Chugabrew]

I suggest 20 years minimum for stealing identities . . .

Wasn't all that long ago we hung folks for stealing horses.

[BurbankKarl]

I am in the middle of that new Kevin Mitnick book...these victims should be very afraid.

[KoRn]

Wow thats bad. Information Security is the most neglected issue in business these days while it's the most important. What's funny is that even when companies make an effort to be secure they start slacking after a week or two lol.

I was 'appointed' to info security officer in my company and I've been very busy making enemies for the interests of the public. You'll be amazed how pissed people get when you tell them they need to change the way they do things, and have to explain how it could harm people if they continue they way they are.

[Peach]

Who does this stuff? Do they ever catch them?

[HereInTheHeartland]

If the data wasn't encrypted and the computer password protected, then a rope should be strung over a tree branch for the offender (the computer's owner).

[Richard Kimball]

that's true, and I hope that's what happened. However, if the guy who picked it up knows what he's doing, he could be set for life. With 98,000 names SSNs and credit card numbers, he can go kaching!!! and wreck about 3,000 credit ratings without ever getting caught.

[Liberator]

UC Berkeley, eh?

Good.

100,000 files of subversive leftists would be very interesting indeed...

[fight_truth_decay]

SAN FRANCISCO - A thief recently walked into a University of California, Berkeley office and swiped a computer laptop containing personal information about nearly 100,000 alumni, graduate students and past applicants.....included the birth dates and addresses of about one-third of the affected people.

Affected or Infected? ;)

[KoRn]

"that's true, and I hope that's what happened. However, if the guy who picked it up knows what he's doing, he could be set for life. With 98,000 names SSNs and credit card numbers, he can go kaching!!! and wreck about 3,000 credit ratings without ever getting caught."

Very true. If the guy was in fact there for the laptop its gonna be hell for allot of people, and should be hell to pay for whoever left information like that on a laptop, then leaving the laptop to be stolen to top it off lol.