Fresno State announced today it has discovered a personal-information data exposure potentially affecting approximately 15,000 people, 300 of whom are currently affiliated with the University. The larger group includes population sets such as former student athletes, sports-camp attendees, and Athletic Corporation employees. The vast majority of data files were from 2003 to 2014.
The information was contained on an external hard drive that was stolen, along with other items, from a campus building. To date, the University has not received any reports that any of the stolen information has been accessed or misused in any way, and there is no reason to believe that the hard drive was stolen for the information it contained.
The hard drive was reported missing on Jan. 12. Some files may have contained some personal information, including names, addresses, phone numbers, dates of birth, full or last four digits of Social Security numbers, credit card numbers, driver’s license numbers, passport numbers, user names and passwords, health-insurance numbers and personal health information.
Notification of affected individuals began this week as soon as University officials could verify the extent of the breach and the names and contact information of those affected, and the proper notification process. For those whose contact information was not available, a substitute notice is being made on www.fresnostate.edu and applicable attorneys general websites for at least 30 days.
A police investigation began immediately after the theft of the hard drive occurred and is ongoing. In addition, the University has retained the services of a nationally recognized data-security firm, which helped to quantify and identify individuals whose information may have been exposed.
“The University is addressing this incident as a top priority to ensure that all affected parties have been notified and that information and applicable resources are made available,” said Orlando Leon, chief information officer. “Though this appears to be an isolated incident, we take any data theft very seriously and will review campus policies to ensure we have best procedures in place when it comes to security of confidential and sensitive data.”
To help reduce the possibility of similar incidents from happening in the future, Fresno State is reinforcing its procedures with its employees regarding the proper storage of confidential information and the importance of protecting portable electronic devices.
People notified of the potential data breach of their personal information are encouraged to review the notification letter and steps outlined to check if any suspicious activity occurred on their credit reports. Free credit monitoring will be offered for one year to those whose Social Security number, financial account information or driver’s license was exposed.
Those who received a notification in the mail or who have concerns may call: 877-646-7924. The call center is open Monday through Friday, between 6 a.m. and 6 p.m. PST.