A possible computer security breach at the University of California at San Francisco may have put 46,000 campus and medical center faculty, staff and students at risk of identity fraud.
Personal information, including names, Social Security numbers and bank account numbers used for electronic payroll and reimbursement deposits may have been released from a server located at a University of California data center in Oakland, Calif., UCSF said in a statement Wednesday.
The incident was identified late last month and the server in question was taken offline, UCSF said. No patient information was stored on the system, it said. "There is no specific evidence that data on this server were accessed inappropriately, but we cannot rule out such access," the university said on its Web site.
UCSF has alerted the affected people, urging them to look for signs of identity fraud and suggesting they place a fraud alert on their credit reports. The school has established a Web site and hotline number to offer assistance.
There has been a string of data breaches in recent years. In 2005, UC Berkeley warned more than 98,000 people that the theft of a laptop from its graduate school admissions office exposed their personal information. That laptop was later recovered.
Since early 2005, more than 150 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
Identity fraud continues to top the complaints reported to the Federal Trade Commission. Such complaints, which include credit card fraud, bank fraud, as well as phone and utilities fraud, accounted for 36 percent of the total 674,354 complaints submitted to the FTC and its external data contributors in 2006.