The University of California, Berkeley (UC Berkeley) has begun notifying more than 160,000 students, alumni and others about the potential compromise of their Social Security numbers, health insurance information and other personal data, following a database intrusion at the university. The University began notifying students, alumni and others that their personal information may have been stolen after hackers attacked restricted computer databases in the campus’s health services center.
The databases contained individuals’ Social Security numbers, health insurance information and non-treatment medical information, such as immunization records and names of some of the physicians they may have seen for diagnoses or treatment.
UC Berkeley administrators pointed out that the hackers fortunately did not access University Health Services’s (UHS) medical records, which include patients’ diagnoses, treatments and therapies. Those records are stored in a separate system and were not affected by this crime.
The campus learned of the breach in April, immediately removed from service the exposed databases to prevent any further attacks, and alerted campus police and the FBI. In all, more than 160,000 individuals will be alerted, including those who had their Social Security numbers accessed and others who may be at risk for identity theft. E-mails were issued starting today, and letters should start arriving over the next week. These communications will also include guidance on steps these individuals should take to guard against potential identity theft. A hotline has been established to answer any questions from individuals who received notices.
The victims of this crime are current and former UC Berkeley students (as well as their parents and spouses, if linked to insurance coverage) who had UHS health care coverage or received services. The campus is also sending notification letters to approximately 3,400 Mills College students who received, or were eligible to receive, health care at UC Berkeley.
The data for UC Berkeley students, alumni and their parents date back to 1999. The information involving Mills College former and current students dates back to 2001.
The server breach began on Oct. 9, 2008, and continued until April 9, 2009, when campus computer administrators performing routine maintenance identified messages left by the hackers. Administrators immediately activated an emergency security incident team to investigate the scope and impact of the breach; evidence uncovered to date suggests that the attack was launched by hackers based overseas. The attackers accessed a public Web site and subsequently bypassed additional secured databases stored on the same server.
“The university deeply regrets exposing our students and the Mills community to potential identity theft. The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks.”
said Shelton Waggener, UC Berkeley’s associate vice chancellor for information technology and its chief information officer.
Individuals whose names and personal data were stolen should consider placing a fraud alert on their credit reporting accounts. The campus has set up a website, datatheft.berkeley.edu, to assist these individuals with contact information for key resources, and it has established a 24-hour Data Theft Hotline, 888-729-3301, to answer their questions.
No comments yet.