UC Berkeley recovers stolen laptop with 98,000 names

Campus police at the University of California, Berkeley have recovered a stolen laptop that contained information of more than 98,000 of the school’s graduate students. The laptop’s hard drive had been wiped clean of information and then sold on an Internet auction site, making it impossible to determine whether or not the sensitive information it had contained was ever accessed, the University said in a statement.

The laptop was stolen on March 11, after being left unattended in the school’s Graduate Division, prompting U.C. Berkeley to begin sending letters and emails to the 98,369 graduate students and applicants whose names and personal information had been stored on the computer.

Many of the laptop’s files contained sensitive information like birthdates, addresses and U.S. Social Security numbers, in addition to names. California law requires that such efforts be made to contact those affected in data theft cases.

About a month after the theft, an unidentified woman sold the laptop to a San Francisco man, who then sold it on eBay to an unsuspecting South Carolina resident, said Janet Gilmore, spokeswoman for U.C. Berkeley

That San Francisco man, Shuki Alburati, was arrested on June 8 and charged with possession of stolen property, Gilmore said. That case is pending, she said.

By the time it was recovered, the computer’s hard drive had been wiped clean and outfitted with a new operating system, making it virtually impossible to determine whether the sensitive information had ever been accessed, Gilmore said.

Gilmore would not say how the police managed to track the laptop to South Carolina.

In late April, Berkeley engaged PricewaterhouseCoopers LLP to conduct an audit of the way the school handles sensitive material and it is now evaluating how to implement the audit’s recommendations, Gilmore said.

Even before this theft, the California State University system had been working to encrypt data on its laptops and portable devices, a policy that was spurred by similar data thefts. Last September, one of the state universities lost a laptop hard drive containing sensitive information on 23,000 students and employees.