A computer attack at the University of Texas at Dallas was worse than officials first thought. They now say Social Security numbers and other personal information may have been exposed for up to 35,000 faculty, current and former students, staff and others, putting them at risk of identify theft.

Officials said Friday that the names and Social Security numbers of 29,000 library cardholders may have been exposed. That group mainly includes students, faculty and staff, along with a few hundred people who aren't affiliated with UTD but have used its library.

UTD officials first reported the computer attack in December and said 6,000 people were affected. They're in two main groups: people employed by UTD anytime between 1999 and 2005; and current and former students and faculty in the Erik Jonsson School of Engineering and Computer Science, plus applicants for admission from 1993 on.

For those two groups, information possibly exposed includes names and Social Security numbers. In some cases, addresses, e-mail addresses and telephone numbers were also exposed.

Campus officials said they have analyzed the entire network and believe they have a complete list of records at risk. The total number of people affected is probably less than 35,000 because some records overlap, they said.

"We don't know that anyone's personal data was viewed, downloaded or exposed, but we know it could have been exposed," UTD spokeswoman Susan Rogers said.

And there's still no evidence that hackers have used or spread the information, campus officials said.

UTD police and the FBI are still investigating the attack, and no arrests had been made. There is evidence the attack was "somewhat automated," said Ms. Rogers, who declined to elaborate.

UTD is contacting affected people by mail. They can also go online at www.utdallas.edu/datacompromise to learn how to protect their credit information.

Ms. Rogers said UTD has beefed up its computer security, "but I cannot tell you what we did because that would tend to expose us to further attack."

Campus officials say they've taken steps to reduce the use of Social Security numbers on campus, but they can't eliminate them completely.

"That is the identifier for tax and other reasons," Ms. Rogers said. "Ultimately we do need to keep SSNs."

E-mail hhacker@dallasnews.com