Data Intrusion
? Incident: Personal records on a UC Berkeley computer may have been compromised
? Affected: Up to 1.4 million providers and clients of the California Department of Social Services
? So far: The state says there's no sign the data was stolen or misused
? Steps: Those affected are warned to contact the major credit bureaus and put warnings on their credit card accounts
? For more information: See the DSS site.

"We have only determined that the computer itself was accessed," said Carlos Ramos, assistant secretary at the California Health and Human Services Agency. "We haven't determined that the data was accessed."

The FBI and the California Highway Patrol--the state police agency--are investigating the incident, the California DSS stated.

The intrusion is not the first to net personal information at a university. A laptop stolen from the University of California, Los Angeles, exposed about 145,000 people's data. Last year, the Georgia Institute of Technology and the University of Texas at Austin fell prey to online attackers. The California Employment Development Department also may have exposed 55,000 names in February.

In the latest case, a UC Berkeley researcher had lawfully obtained the information as part of a research project into the effectiveness of the In Home Support Services (IHSS) program. However, he had not followed policy that specified that sensitive information, such as Social Security numbers, be removed from the database.

The participants may not have known that their information would be shared, but the Department of Social Services is allowed by law to share the information for the purpose of research.

While about 1.4 million records may have been compromised, there also may have been many duplicates, said California's Ramos. The researcher had the initial database and several updates that brought the total to 1.4 million records, but many of the updates may have been updates of earlier personal information already in the database, he said.

The state stressed in its statement that officials had not received any information indicating that identity theft or misuse of data had occurred. However, the state also recommended that members of the IHSS program contact the three credit bureaus and place a fraud alert on their credit accounts.

A recent survey of online users found that 80 percent are concerned that someone may steal their identity. The survey, fielded by pollster Greenfield Online and security firm Entrust, found that 65 percent of respondents said increased identity protection would influence their decision in selecting a financial institution.

The California government's recommendations for potential victims of the data theft underscore how little people can do to curb the illegal use of their information. While putting credit accounts on fraud alert may make it harder to co-opt financial accounts, forget trying to change a Social Security number, the Department of Social Services stated.

"There are drawbacks to doing so, since it may result in losing your credit history, your academic records and professional degrees," the department said in a statement. "The absence of any credit history under a new SSN would make it difficult to get credit, continue college, rent an apartment, open a bank account, get health

By Robert Lemos
C|Net News