University of California, Berkeley, officials said on Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.
The university said data include Social Security numbers, birth dates, health insurance information and some medical records dating back to 1999. Personal medical records — such as patient diagnoses, treatments and therapies — were not compromised, officials said.
The databases also included personal information of parents, spouses and Mills College students who used or were eligible for Berkeley’s health services.
In all, 97,000 Social Security numbers were stolen, said Shelton Waggener, UC Berkeley’s associate vice chancellor for information technology and its chief information officer.
Social Security numbers can be used by identity thieves to access a person’s current credit history, or bank and credit card accounts, according to the California Office of Privacy Protection. The numbers can also be used to open new bank and credit accounts, or even get a driver’s license in the victim’s name, privacy-protection officials warn.
The school has identified 160,000 total names in the database and contacted everyone regardless of whether their Social Security number also was compromised.
The server breach occurred on Oct. 6, 2008, and lasted until April 9, when campus staff performing routine maintenance found messages the school said were left by the hackers.
“The indications are that the hackers left messages to the system administrator taunting the system administrator that they had broken in,” Waggener said. “It’s a common hacker approach for identifying themselves.”
The school said it had traced the hackers’ computers to a number of overseas locations, including China, and turned that information over to the FBI and campus police. An outside Internet security firm has also been hired to conduct an audit of the school’s systems and its information security measures.
Although the breach was discovered April 9, former and current students did not receive e-mail notification of the hacks until Friday morning. The university said it took forensic technology experts until April 21 to figure out which databases were hacked.
“Since then a team of more than 20 people from across the campus have been working seven days a week to determine the exact scope and nature of the breach,” the school said.
It established a Web site at http://datatheft.berkeley.edu to answer questions about the incident.
Graduate student Kate Monroe, 27, said she was taking the school’s warning seriously and planned to have a free fraud alert added to her credit report.
“My mom has dealt with identity theft and it’s no joke,” Monroe said. “Getting her identity cleaned up has been nearly impossible.”
The school said Friday it had not received any reports of identity theft from any students who were notified.
Related Posts
- Apple to preview new iPhone software next week
- Facebook adds more security by going HTTPS
- Verizon staff had unauthorized access to Obama's cell
- Intel fined $1.45 billion in Europe
- Former Facebook exec Van Natta to be MySpace CEO
Related Websites
- New Loan Funded — Secure Borrower needs funds to complete rental houses — $25,000 at 12.00% — AA Credit — DTI 25%
- Information Security vs Information Privacy
- Healthy Green Alternatives Push Asbestos Out of the Home
- ISACA’s Certified Information Security Manager (CISM) Certification Early Exam Registration Deadline
- When you Sue a School, Does Anyone Win?
{ 2 comments }
