Fresh data leak scare at US university

A possible computer security breach at the University of California at San Francisco (UCSF) may have put 46,000 campus and medical centre faculty, staff and students at risk of identity fraud.

Personal information, including names, Social Security numbers and bank account numbers used for electronic payroll and reimbursement deposits may have been released from a server located at a University of California data centre in Oakland, California, UCSF said in a statement.

The incident was identified late last month and the server in question was taken offline, UCSF said. No patient information was stored on the system, it said. "There is no specific evidence that data on this server were accessed inappropriately but we cannot rule out such access," the university said on its website.

UCSF has alerted the affected people, urging them to look for signs of identity fraud and suggesting they place a fraud alert on their credit reports. It has established a website and hotline number to offer assistance.

There has been a string of data breaches in recent years. In 2005, UC Berkeley warned more than 98,000 people that the theft of a laptop from its graduate school admissions office exposed their personal information. That laptop was later recovered.

Since early 2005, more than 150 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

Identity fraud continues to top the complaints reported to the US Federal Trade Commission (FTC). Such complaints, which include credit card fraud, bank fraud, as well as phone and utilities fraud, accounted for 36 per cent of the total 674,354 complaints submitted to the FTC and its external data contributors last year.

Joris Evers writes for CNET News.com