Page One

Six months after a hacker broke into a UC Berkeley research computer containing the names and Social Security numbers of more than 600,000 health care workers and patients, the university has suffered another embarrassing security breach: the theft of a laptop containing personal information on nearly 100,000 graduate students. 

In a press advisory released this week, two weeks after the March 11 robbery at the Graduate Division offices, UC Berkeley Director of Media Relations Marie Felde said that the theft occurred when the office doors were momentarily left unlocked and unattended during the noon hour. The laptop was stolen from a worker’s office inside the division. 

“Campus police believe this was just a crime of opportunity, with someone seeing a chance to steal a purse or anything they could get their hands on,” Felde said in a telephone interview. “It didn’t appear that the thief would have known what information was in the computer.” 

Felde said that an employee saw someone walking out with the computer and notified campus police. The theft is still under investigation. 

Even though UC officials do not believe that the personal information was the actual target of the theft, California law requires the university to attempt to contact all of the individuals whose personal information was listed in the computer to inform them that they are potentially the targets of identity theft. Felde said that attempts to contact the individuals by mail are being hampered by the fact that some of the contact information is 30 years old. 

Felde said that the university waited until this week to begin notifying potential victims because “campus police thought they had a good chance of identifying the suspect and recovering the computer.” She said that when that didn’t occur, university officials decided they could not wait any longer to begin the notification process. She said that in addition to the news release, e-mails and letters to the 98,369 present and former graduate students, whose information was in the computer, began going out on Monday. 

The university has also set up a web page at http://newscenter.berkeley.edu/security/grad/ to inform potential victims of steps to take to ensure their identity information has not been compromised, as well as a toll-free information number (800-372-5110) and a contact e-mail address (idalert@berkeley.edu). 

The stolen computer contained names and Social Security numbers of individuals who applied to non-law school graduate programs at the university between fall 2001 and spring 2004, graduate students who enrolled at UC Berkeley between fall 1989 and fall 2003, and recipients of doctoral degrees from 1976 through 1999. Felde said that in addition, at least one-third of the files contained either birth dates or addresses of the individuals. 

Felde said that the laptop was password-protected but the data was not encrypted. 

“The university has been systematically installing encryption software on all personal computers containing such data,” she said. “This particular computer had been scheduled to be encrypted within a day or two of the theft, so it was of particular bad luck that the computer was stolen at that time.” 

Felde said that “the encryption software installation has been accelerated” in the wake of the theft. “We are ensuring that doors are being kept locked” leading to areas in the university that might have sensitive data, and “the university is conducting training on how to protect personal property.”