You are here: LAT Home > Articles > California | Local

Security Lapses, Lost Equipment Expose Students to Possible ID Theft

By Sally Ann Connell, Special to The Times
August 29, 2004

SAN LUIS OBISPO — A missing hard drive containing personal information on 23,500 students, faculty and staff in the California State University system is only the latest example of how campus computers can expose individuals to identity theft.

Although the hard drive was lost at Cal State San Marcos, 13,500 of those affected are linked to Cal Poly San Luis Obispo, Cal State officials said. The other state universities affected are Dominguez Hills, Fullerton, Monterey Bay, San Diego and Sonoma.

"I got a letter informing me of the risk," said Teresa Hendrix, a Cal Poly public affairs spokeswoman. "My daughter got one too."

The concern is about the potential for identity fraud, where somebody has access to a name, address, Social Security number and other identifiers used in credit applications.

The Cal State case is by no means isolated and is not even the biggest example this year of a mass notification of a security breach. Since January, at least 580,000 individuals with information in university computers have been notified of similar risks.

That includes 380,000 current and former students, applicants, staff, faculty and alumni at UC San Diego and 178,000 at San Diego State. In both cases, hackers got into computers for other reasons, but had access to files containing personal information, officials at both universities said.

At Cal Poly, Dawn K., a 21-year-old student from Monterey, is so leery of strangers that she asked that her full name not be published. But as she sat in the University Union, she worried aloud about being twice confronted with the possibility of identity theft.

She is not sure yet if she faces identity theft exposure from Cal Poly, but she has received a letter from UC San Diego related to her application there in November 2000.

"Since I didn't even get into UC San Diego, why am I still stuck in their system? Why don't they just throw my information away?" she asked. "I didn't even apply online. I did the paper application and sent it in. Somebody had to put me in a computer, and leave me there."

Officials from the Cal State system and UC San Diego say they have no proof that either incident has resulted in the use of identity theft to open credit card accounts or to otherwise defraud students and staff.

While these cases give the impression that vulnerability to identity theft is high, it was not until July 2003 that legislation went into effect requiring notification.

<< Previous Page | Next Page >>