University of Idaho issues data-theft alert

BOISE, Idaho — The University of Idaho began notifying 331,800 employees, students, alumni and donors Thursday that their personal information might have been compromised after three desktop computers were stolen from the Moscow school.

The computers were stolen from the university's Advancement Services office during the Thanksgiving holiday, but authorities asked university officials to delay notifying the public to preserve the integrity of the criminal investigation.

An office employee discovered the theft and reported it to Moscow police. The case was transferred to the Latah County Sheriff's Office.

"We deeply regret this incident and the worry and inconvenience it may cause, but we want to assure donors, alumni, students and employees that the University of Idaho is strengthening its processes for securing and storing our sensitive data," university President Timothy White said.

The hard drives did not contain credit-card or other personal account information, and there was no evidence anyone's identity had been stolen, said Christopher Murray, vice president for university advancement.

"Our immediate concern is to alert those whose information may have been compromised," Murray said.

An internal investigation by the university revealed that, six months before the theft, the computers' hard drives contained names, addresses and Social Security numbers for about 70,000 people.

However, that office accesses information from the university's larger data system.

As a precaution, the university elected to notify 331,800 individuals whose information may have been accessed by the Advancement Services office as part of its work at the university.

The office manages data for the Advancement Division, which handles the university's fundraising and development, alumni relations, and communications and marketing.

"We've taken the largest universe possible because we're being very cautious, and that's the 331,800 number," Murray said.

The university began notifying in-state residents by e-mail Thursday; out-of-state residents and in-state residents who do not have e-mail will receive a notification letter by regular mail.

The university has since taken steps to improve its electronic security, including removing sensitive information from some computers, installing encryption software on computers that access sensitive information and enhancing security.

The school also set up a telephone hotline, 866-351-1860, and established a Web site with information about the incident and identity-protection information: www.identityalert.uidaho.edu.

Last month, the University of California, Los Angeles, alerted about 800,000 current and former students, faculty and staff that their names and certain personal information were exposed after a hacker broke into a campus computer system.

It was one of the largest such breaches involving a U.S. higher-education institution.