A computer attack at the University of Texas at Dallas is worse than officials first thought. Campus officials now say Social Security numbers and other personal information may have been exposed for up to 35,000 faculty, current and former students, staff and others, putting them at risk of identify theft.
Officials said Friday that the names and Social Security numbers of 29,000 library card holders were possibly exposed. That group mainly includes students, faculty and staff, along with a few hundred people who are not affiliated with UTD but have used its library.
UTD officials first reported the computer attack in December and said 6,000 people were affected. They're in two main groups: people employed by UTD any time between 1999 and 2005; and current and former students and faculty in the Erik Jonsson School of Engineering and Computer Science, plus applicants for admission from 1993 on.
For those two groups, information possibly exposed includes names and Social Security numbers and in some cases, addresses, e-mail addresses and telephone numbers.
Campus officials said they have analyzed the entire network system and believe they have a complete list of records at risk. The total number of people affected is likely less than 35,000 because some records overlap, they said.
"We don't know that anyone's personal data was viewed, downloaded, or exposed, but we know it could have been exposed," UTD spokeswoman Susan Rogers said.
And there's still no evidence that hackers have used or spread the information, campus officials said.
UTD Police and the FBI are still investigating the attack, and no arrests have been made. There is evidence the attack was "somewhat automated," Ms. Rogers said, but declined to elaborate.
UTD is contacting affected people by mail. They can also go online to http://www.utdallas.edu/datacompromise to learn how to protect their credit information.
Ms. Rogers said UTD has beefed up its computer security, "but I cannot tell you what we did because that would tend to expose us to further attack."
Campus officials say they've taken steps to reduce the use of Social Security numbers on campus, but they can't eliminate them completely.
"That is the identifier for tax and other reasons," Ms. Rogers said. "Ultimately we do need to keep SSNs."