Computer logs indicate the information was obtained by computers in Austin and Houston over a five-day period that began last Wednesday, according to UT officials. They don't know yet if the identification information was used for any illegal purposes.
Don Hale, vice president for public affairs at UT-Austin, said Thursday state and federal authorities are trying to recover the data as quickly as possible.
"The first step is to recover the data and determine how it has been used ... if it has been used," he said. "It could very well be that whoever took this simply has it and it has not been compromised beyond that."
The U.S. attorney and the Travis County district attorney have been called into the investigation and they have prepared search warrants. No other details were immediately available from law enforcement.
Hale said UT officials would not attempt to contact every person who might be affected by the loss of the data until they know more about it's status. He said a link on the UT Web site at utexas.edu/datatheft would have the latest information.
UT officials said the computer breach could have been prevented with basic precautions and they are redoubling security measures and plans to phase out most uses of Social Security numbers on the Austin campus.
"We flat out messed up on this one," said Dan Updegrove, the university's vice president for information technology, in an interview with the Austin American-Statesman. "Shame on us for leaving the door open, and shame on them for exploiting it. Our No. 1 goal is to get those data back before they get misused."
Updegrove said the theft was discovered Sunday by administrators of university computer systems doing routine checks. He said they immediately disconnected the compromised database from Internet access.
The hackers obtained e-mail addresses and, for some current faculty and staff members, office addresses and phone numbers. No grade, health or benefit records were obtained, Updegrove told the newspaper.
UT records should never have been accessible to anyone off campus or to anyone who is not an employee supervisor, he said, adding that he doesn't know yet how the violation of security procedures occurred.
Key pieces of identification such as Social Security and driver's license numbers can be used illegally to obtain credit, merchandise and services in the name of the victim, according to the Identity Theft Resource Center, a non-profit group based in San Diego.