The computer was stolen March 11 when an individual entered a restricted area of the Graduate Division offices that was momentarily unoccupied. A campus employee saw the individual leaving with the laptop and contacted campus police. The case remains under investigation.
The stolen computer contained information on most individuals who applied to graduate school at UC Berkeley between fall 2001 and spring 2004 (except law school students); graduate students who enrolled at UC Berkeley between fall 1989 and fall 2003; recipients of doctoral degrees from 1976 through 1999; and other small groups of individuals. Approximately one-third of all of the computer's files contained dates of birth and/or addresses in addition to Social Security numbers and names.
At this time the campus has no evidence that personal data were actually retrieved or misused. However, in accordance with state law, UC Berkeley officials are making every reasonable effort to notify by mail or e-mail all 98,369 individuals whose names and Social Security numbers were on the computer and, as a precaution, suggest they consider placing a fraud alert on their credit reporting accounts.
However, because some files go back three decades, officials may not find current addresses for every name on the list. The campus has created a special Web site for individuals who are concerned that their information may have been on the stolen computer. The web site contains helpful phone numbers, information on next steps to take, and links to credit reporting agencies.
The Social Security numbers were used to identify and track individual students, a customary practice within the educational research community, which uses these numbers to access historical information regarding students.
The Graduate Division has already taken additional steps to prevent such theft of sensitive data from happening again. It is deploying encryption software on those few computers that contain Social Security numbers. Building security has been increased, and the Graduate Division is working vigorously to review and implement staff training for protection of personnel and property.
The office has also set up a toll-free number 1-800-372-5110 and e-mail account to answer specific questions not addressed on the website.
For several years University of California systemwide policy and UC Berkeley campus policy have required that restricted information stored on portable equipment be protected to safeguard the data if the equipment is lost or stolen. Since fall 2004, the UC systemwide policy has required encryption of such portable data, and campus units are in the process of moving toward full compliance with this new policy.
