University of Idaho Employees on Edge over Stolen Data

July 5, 2006

University of Idaho employees worry they could fall prey to identity theft after learning computers with their personal data were stolen from an insurance firm bidding on the school’s health contracts.

The university told about 3,000 current and former employees this week of the March 31 burglary from Medical Excess, LLC.

Medical Excess is an affiliate of American International Group Inc. — an insurance company that requested UI employee data last year to prepare a bid for the university’s benefits contract.

In June, the company confirmed that a camera, laptop and computer server went missing from one of it’s offices in the Midwest. The UI employees join more than 900,000 people who had personal information stolen.

The theft would only affect people on the university’s health plan in late 2004 and early 2005, UI spokeswoman Joni Kirk said.

The server contained data from hundreds of organizations and included names, birth dates, addresses, and in some cases, Social Security numbers.

Social Security numbers for UI employees were not among the stolen information, Lloyd Mues, UI Vice President of Finance and Administration, told the Moscow-Pullman Daily News.

Campus staff had replaced employee Social Security numbers with computer-generated phantom numbers before submitting the information to the insurance company. The school also encrypted the entire file, Mues said.

“I’m proud of what we did in the beginning,” Mues said. “We’ve done everything were supposed to do, and a file was stolen at an organization we have no control over.”

He urged employees to monitor their personal information and finances, but not to panic.

“To this date, no one even knows if the encrypted file has been accessed because there is no reason for someone to know there is an encrypted file there,” he said.

Before Medical Excess notified UI of the theft, the company began sending letters to individual employees. Mues said he responded by drafting a letter on Wednesday that warned workers of risks posed by the break-in.

In addition to names and birth dates, the stolen file for some UI employees also included Vandal card and health plan numbers.

“Name and date of birth is enough information for a person to try to obtain information about you, so we still are recommending precautions be taken,” Mues said. “I’m not ever going to say don’t worry.”

Carol Hahn, a former UI employee who now lives in Anacortes, Wash., said she’s wary after reading about highly publicized cases, like the recent theft of the personal information of thousands of veterans from a federal computer.

“Of course, we’re all a little paranoid about identity theft,” she said. “I’m in a wait-and-see mode.”

Was this article valuable?

Here are more articles you may enjoy.