UC Berkeley News
Web Feature

UC Berkeley Press Release

Update: Stolen laptop recovered

– A stolen laptop computer that contained sensitive information on more than 98,000 University of California, Berkeley, graduate students and others was traced to South Carolina and has been recovered by campus police, UC Berkeley officials announced today (Wednesday, Sept 14).

UC police note that while a lab analysis could not determine whether the sensitive campus data was ever accessed, nothing in their investigation points to identity theft nor individuals involved in identity theft. It appears, they said, that the intent was simply to steal and sell a laptop computer.

Computer laptop theft timeline
Laptop stolen from campus offices March 11
Woman sells laptop to San Francisco man April 14 (approx.)
San Francisco man places laptop for sale online April 19
South Carolina man buys laptop via online auction April 22
UCPD learns location of laptop and investigates the lead June 1
San Francisco man arrested June 8
UCPD sends laptop to Silicon Valley lab for testing June 23
Lab report received by UCPD Aug 30

According to police, an individual sold the stolen laptop around April 14 to a San Francisco man who posted it for sale on an Internet auction site about a week later. An unsuspecting South Carolina resident purchased the laptop off the Internet on April 22, police said.

The San Francisco man has been arrested and charged by the Alameda County District Attorney's Office with possession of stolen property, and the case against him is pending, police said. The man told police that he did not know the name of the woman who sold him the laptop, but he provided a description of her that matched that of a woman seen leaving the campus's Graduate Division offices on March 11 with the laptop, according to campus police.

The laptop was stolen from the inner offices of the Graduate Division when it was momentarily unoccupied around lunch time. Because the computer contained dozens of files with the names and Social Security numbers of current and former graduate students as well as others, UC Berkeley officials sent e-mails and letters to all the individuals who might be affected if that information were accessed. From the day of the theft on, campus police continued following leads and investigating the case.

Through various leads, police learned in June that the computer was in South Carolina. Working with local police there, UC police officers retrieved the computer and sent it on June 23 to a lab to be examined to determine whether the sensitive campus data had been accessed.

The computer was sent to the Silicon Valley Regional Computer Forensic Laboratory, which is operated by various law enforcement agencies and funded by the FBI. The lab performs detailed computer forensics for federal and local law enforcement agencies. Its test results, completed Aug. 5, show that the original Graduate Division hard drive and all its files had been erased and written over with a new operating system installation, leaving only residual data and making it virtually impossible to determine whether the campus's password-protected files were ever accessed, according to the lab and campus technology administrators.

The South Carolina man who purchased the laptop online told police that he installed a new operating system on the computer. Campus technology administrators state that it is not uncommon for an individual to install a new operating system when purchasing a used computer.

The San Francisco man who was arrested told police it is his practice to install a new operating system or erase and wipe clean old data from a computer before posting it for sale online, police said.

Since the time the laptop theft occurred, campus police have learned of no pattern of identity theft or credit card fraud involving those individuals with names and Social Security numbers on the Graduate Division computer.