A data breach at University of California, Berkeley, exposed the data of more than 160,000 current and former UC Berkeley students and 3,400 Mills College students, according to a university announcement last week.
Hackers broke into two databases in the campus health services center from Oct. 9, 2008 until April 9, 2009. The databases contained Social Security numbers, health insurance information and non-treatment medical information, such as immunization records and names of some of the physicians that students may have seen for diagnoses or treatment.
The databases also contained information related to health insurance coverage and some medical information such as one's immunization history, UHS medical record number, dates of visits or names of providers seen or, for a student participating in UC Berkeley's Education Abroad Program, certain information from his or her self-reported health history, according to a UC Berkeley news release. University medical records are stored in a separate system and were not breached.
Universities have been particularly prone to data breach incidents. A hacker exploited a University of California, Los Angeles database in 2006 exposing the personal information of 800,000 staff and students. Last year, a hacked server at the University of Florida's College of Dentistry, exposed 300,000 to identity theft. In 2005, a University of Southern California database containing about 270,000 records of past applicants was cracked into by a hacker.
The Berkeley databases were immediately removed from service by investigators from the campus police and the FBI. The university said it is alerting all 160,000 affected by the breach via email and notification letters. A Berkeley data theft website and hotline (888-729-3301) was also established to answer questions from individuals who received notices.
"We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology and its chief information officer.