Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Stolen data worries UI staff

Associated Press The Spokesman-Review

MOSCOW, Idaho – University of Idaho employees worry they could fall prey to identity theft after learning computers with their personal data were stolen from an insurance firm bidding on the school’s health contracts.

The university told about 3,000 current and former employees this week of the March 31 burglary from Medical Excess LLC.

Medical Excess is an affiliate of American International Group Inc. – an insurance company that requested UI employee data last year to prepare a bid for the university’s benefits contract.

In June, the company confirmed that a laptop and computer server went missing from one of its offices in the Midwest. The UI employees join more than 900,000 people whose personal information has been stolen.

The theft would only affect

people on the university’s health plan in late 2004 and early 2005, UI spokeswoman Joni Kirk said.

The server contained data from hundreds of organizations and included names, birth dates, addresses and, in some cases, Social Security numbers.

Social Security numbers for UI employees were not among the stolen information, said Lloyd Mues, UI vice president of finance and administration.

Campus staff had replaced employee Social Security numbers with computer-generated phantom numbers before submitting the information to the insurance company. The school also encrypted the entire file, Mues said.

“I’m proud of what we did in the beginning,” Mues said. “We’ve done everything we’re supposed to do, and a file was stolen at an organization we have no control over.”

He urged employees to monitor their personal information and finances, but not to panic.

“To this date, no one even knows if the encrypted file has been accessed because there is no reason for someone to know there is an encrypted file there,” he said.

Before Medical Excess notified UI of the theft, the company began sending letters to individual employees. Mues said he responded by drafting a letter on Wednesday that warned workers of risks posed by the break-in.

In addition to names and birth dates, the stolen file for some UI employees also included Vandal card and health plan numbers.

“Name and date of birth is enough information for a person to try to obtain information about you, so we still are recommending precautions be taken,” Mues said. “I’m not ever going to say don’t worry.”

Carol Hahn, a former UI employee who now lives in Anacortes, Wash., said she’s wary after reading about highly publicized cases, like the recent theft of a federal computer that contained the personal information of millions of veterans.

“Of course, we’re all a little paranoid about identity theft,” she said. “I’m in a wait-and-see mode.”