Identity Theft Fears at Sonoma State

August 9, 2005

Stacy Finz, Chronicle Staff Writer

Hackers have broken into Sonoma State University's computer system, where they had access to the names and Social Security numbers of 61,709 people who either attended, applied, graduated or worked at the school from 1995 to 2002, university officials disclosed Monday.

So far, there have been no reports of identify theft that can be linked to the break-in, which happened in July.

It was initially believed by the university's technical staff to be a virus, but it turned out to be the latest in what has become a nationwide security problem on college campuses.

Last year, hackers gained access to more than 178,000 names and Social Security numbers of present and past San Diego State University students. Similar incidents were reported that year at colleges across California and in Georgia, Texas and New York.

Jean Wasp, a spokeswoman for Sonoma State, said campus administrators don't believe the exposed data was stolen. Nonetheless, they are using e-mails to notify as many people as they can locate addresses for -- nearly 6,000 so far -- about the security breach. She said the university was hoping that the remaining 61,709 would learn of the break-in from news reports. The campus, located in Rohnert Park, is required by law to publicize the fact that the files were compromised.

"We don't think (the hackers) took anything," Wasp said. "We don't really know what they were doing. They could have been using our system just to attack another system."

Katharyn Crabbe, vice president for student affairs and enrollment at Sonoma State, said the intruder had found a weakness in a Microsoft Windows operating system that allowed access to seven workstations containing the confidential information. Then, the hacker used the school's system to break into other workstations outside the university.

"All we know is that someone was in the room, so to speak," she said.

As soon as university officials realized what was happening, they cleaned out the workstations to prevent the hacker from returning, and they are working with Microsoft to repair the weakness in the software, Crabbe said.

The compromised data did not contain bank and financial information, credit card or driver's license numbers, she said.

Sonoma State urged anyone whose information could have been breached to contact one of the three national credit-reporting agencies to start a free fraud-alert process. More information about how to go about the procedure has been posted on the school's Web site at

Colleen Bentley-Adler, spokeswoman for the California State University chancellor's office, said at least 10 of their campuses had experienced these types of computer break-ins.

One of the steps the university system is taking is dropping the use of Social Security numbers and instead assigning students and staff unique identifiers.

"I think it's impossible to completely stop it from happening," she said. "But we're doing everything we can to make it more difficult."

main page ATTRITION feedback