The Hoya is reporting a major security breach at Georgetown University which exposed the personal information of nearly 40,000 students and faculty to identity theft.

An unencrypted hard drive containing billing information, including Social Security numbers, was stolen on Jan. 3 from the Office of Student Affairs. The information pertained to students enrolled at the university from 1998 through 2006, as well as some faculty and staff members.

The theft is under investigation by D.C. police. The university has not learned of any reports of identity theft since the theft. The school has made arrangements to provide free credit monitoring services.

A reader posted to our tipline the entire letter sent out to affected students and faculty by David Lambert, vice president and chief information officer for University Information Services. We’ve placed it below the jump.