UC Berkeley breach affects 160,000

Article

UC Berkeley breach affects 160,000

A data breach at University of California, Berkeley, exposed the data of more than 160,000 current and former UC Berkeley students and 3,400 Mills College students, according to a university announcement last week.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Hackers broke into two databases in the campus health services center from Oct. 9, 2008 until April 9, 2009. The databases contained Social Security numbers, health insurance information and non-treatment medical information, such as immunization records and names of some of the physicians that students may have seen for diagnoses or treatment.

The databases also contained information related to health insurance coverage and some medical information such as one's immunization history, UHS medical record number, dates of visits or names of providers seen or, for a student participating in UC Berkeley's Education Abroad Program, certain information from his or her self-reported health history, according to a UC Berkeley news release. University medical records are stored in a separate system and were not breached.

 

Universities have been particularly prone to data breach incidents. A hacker exploited a University of California, Los Angeles database in 2006 exposing the personal information of 800,000 staff and students. Last year, a hacked server at the University of Florida's College of Dentistry, exposed 300,000 to identity theft. In 2005, a University of Southern California database containing about 270,000 records of past applicants was cracked into by a hacker.

The Berkeley databases were immediately removed from service by investigators from the campus police and the FBI. The university said it is alerting all 160,000 affected by the breach via email and notification letters. A Berkeley data theft website and hotline (888-729-3301) was also established to answer questions from individuals who received notices.

"We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology and its chief information officer.