A hard drive containing personally identifiable information (PII) of up to 15,000 people was stolen from a Fresno State campus building earlier this year, the university revealed Tuesday.
The hard drive, which was reported missing on Jan. 12, mostly consisted of data files from 2003-14. Of the 15,000 people potentially affected, 300 are currently affiliated with the university, according to a statement, with some data sets comprised of “former student-athletes, sports-camp attendees, and Athletic Corporation employees.”
The data on the hard drive could be valuable to identity thieves. “Names, addresses, phone numbers, dates of birth, full or last four digits of Social Security numbers, credit card numbers, driver’s license numbers, passport numbers, usernames and passwords, health-insurance numbers and personal health information” could have been on the hard drive, officials said. Fresno State says it hasn’t received any notification that the data has been misused, however, and there’s “no reason to believe the hard drive was stolen for the information it contained.”
The university says a police investigation is ongoing and that a “nationally recognized data-security firm” is helping to identify the individuals with exposed data, though it didn’t specify which firm that is. People only began receiving notifications of potentially exposed data a week ago, when the university says it began to confirm the identities of those affected.
Fresno State has said it will review and reinforce its storage procedures for confidential information. It will also offer free credit monitoring for one year for individuals whose Social Security number, financial account information or driver’s license was exposed.
Fresno State is the second California university to suffer a major public data breach in recent months. In December, Stanford’s chief digital officer stepped down after failing to disclose a breach that exposed confidential student financial aid records and sensitive information of 10,000 employees.