A stolen external hard drive from a Fresno State campus building has compromised the personal information of approximately 15,000 people, 300 of which are currently affiliated with the university.
Fresno State announced today the hard drive, which was reported stolen on Jan. 12, contained files that may hold personal information, including names, addresses, phone numbers, dates of birth, full or last four digits of Social Security numbers, credit card numbers, driver’s license numbers, passport numbers, usernames and passwords, health-insurance numbers and personal health information.
“The University is addressing this incident as a top priority to ensure that all affected parties have been notified and that information and applicable resources are made available,” said Orlando Leon, chief information officer. “Though this appears to be an isolated incident, we take any data theft very seriously and will review campus policies to ensure we have best procedures in place when it comes to security of confidential and sensitive data.”
Fresno State said there is no reason to believe that the hard drive was stolen for the information it contained. To date, the University has not received any reports that any of the stolen information has been accessed or misused in any way.
A police investigation began immediately after the theft of the hard drive occurred and is ongoing. In addition, the University has retained the services of a nationally recognized data-security firm, which helped to quantify and identify individuals whose information may have been exposed.
The larger group affected includes population sets such as former student athletes, sports-camp attendees, and Athletic Corporation employees. The vast majority of data files were from 2003 to 2014.
Notification of affected individuals began this week as soon as University officials could verify the extent of the breach and the names and contact information of those affected, and the proper notification process. For those whose contact information was not available, a substitute notice will be posted on Fresno State’s website and applicable attorneys general websites for at least 30 days.
People notified of the potential data breach of their personal information are encouraged to review the notification letter and the steps outlined to check if any suspicious activity occurred on their credit reports. Free credit monitoring will be offered for one year to those whose Social Security number, financial account information or driver’s license was exposed.
Those who received a notification in the mail or who have concerns may call 877-646-7924. The call center is open Monday through Friday from 6 a.m. and 6 p.m.