Stolen hard drive contained addresses, credit card details, and Social Security numbers

The theft of a hard drive belonging to California State University, Fresno may have compromised the personal information of up to 15,000 people.

Providing notice of the security incident on its website earlier this week, the university said it has been actively investigating a break-in at its athletics department, which occurred during the last week of December.

“On January 12, 2018, Fresno State discovered an external hard drive was stolen during that break-in,” the university said. “Fresno State immediately took steps to determine what information may have been on the hard drive.

“It determined some files on the hard drive may have contained personal information of population sets such as former student athletes, sports camp attendees and Athletic Corporation employees.“

According to Fresno State, this information included names, addresses, phone numbers, dates of birth, full or last four digits of Social Security numbers, credit card numbers, driver’s license numbers, passport numbers, user names and passwords, health insurance numbers, and personal health information.

Press reports emerging from California said the breach could affect up to 15,000 individuals.

The university said it has “no reason to believe” that any of the information on the hard drive has been accessed or misused, although it gave no indication as to whether or not the hard drive was encrypted.

“The university began mailing letters to individuals whose information may have been affected on March 6, and is offering complimentary credit monitoring for those individuals whose Social Security number or bank or credit card information may have been affected,” the alert read.

The university hard drive theft is the latest in a series of data breaches to have taken place in the Golden State.

Last month, California’s Department of Fish and Wildlife (CDFW) announced it had launched its own investigation into a data incident that resulted in the personally identifiable details of thousands of employees being compromised.

According to Gabe Tiffany, deputy director of administration at the state agency, a former employee downloaded the information to an unencrypted personal device and took the data outside of CDFW’s secure network.

California fell under the spotlight again in February, after the Sacramento Bee said two databases – one containing voter contact information and another containing details of 53,000 subscribers – had been targeted by a ransomware attack.