Web Historical Disclaimer:
This is a historical page and is no longer maintained. Read our Web history statement for more information.
Data Theft Incident Response
Information below deals with the SSN data theft that occurred at The University of Texas at Austin in Spring 2003. Information about the Spring 2006 McCombs School incident is available at the McCombs School Data Theft page.
--September 7, 2005 --
On September 6, 2005, Christopher Andrew Phillips was sentenced to five years probation and ordered to pay restitution for accessing protected computers without authorization and possession of stolen Social Security numbers. Read the full press release.
--June 13, 2005 --
On June 10, 2005, a federal jury found Christopher Phillips guilty of accessing protected computers without authorization, a.k.a. computer hacking, and possession of stolen Social Security numbers. Read the full press release.
-- Nov. 8, 2004 --
On Nov. 3, 2004, United States Attorney Johnny Sutton announced that Christopher Andrew Phillips was indicted by a federal grand jury in Austin for accessing protected computers without authorization and attempting to defraud in connection with computers. Read more >
If you are concerned that you might be a victim of credit card or identity theft as it relates to this incident please direct your questions to:
-- October, 2003 --
The University of Texas at Austin regrets that one of its administrative databases was breached in March by a deliberate attack through the Internet. Thousands of names and Social Security numbers were illegally accessed and downloaded to a personal computer. Fortunately, it appears that prompt action by the Travis County District Attorney's Office, the U.S. Attorney's Office, and the U.S. Secret Service has secured the stolen data before they could be misused or further disseminated.
From Sunday evening, March 2, when the security breach was discovered, until Wednesday evening, March 5, the University devoted all available resources to identifying the origin of the attack and working with law enforcement to secure the data. Since March 5, when a search warrant was executed and a computer and related materials confiscated, the University has focused on communication with those affected by the security breach and with the general public.
In particular, the University wishes to call attention to the March 14 statement of United States Attorney Johnny Sutton: "At this point, there is no indication that the stolen data was further disseminated or used to anyones detriment." This statement followed the filing of a criminal complaint against a suspect in the attack.
While the U.S. Attorney's statement is reassuring, the University does not seek to minimize the concern raised by this incident. Accordingly, this Web site makes available several communications mechanisms for concerned individuals, as well as a set of resources for monitoring credit records and protecting your identity.
If you are unfamiliar with the origins of this incident and the University's response, see "Initial Report."
The "Am I Affected" page lists the three ranges of Social Security numbers that were used to attack the the University system. A total of 2,670,797 SSNs fall in this range, whereas only 55,200 SSNs were exposed from the the University database. If you have had no affiliation with UT Austin or any University of Texas System component, it is highly unlikely that you are affected, even if your SSN falls within range.
If you believe you are affected, or might be affected, we encourage you to complete the online form at "How To Contact Us" so that we are assured of an up-to-date postal mail and e-mail address for you. As of October 2003, the University has successfully contacted 92 percent of the individuals known to be affected by the data theft incident, and continues its efforts to reach the remaining affected population.