Officials at the University of California, Berkeley, confirmed today that hackers broke into their databases in October and accessed data until last month. The data includes social security numbers and non-treatment medical information going back as far as 1999.
Hackers broke into
databases at the University of California, Berkeley, and got access to student
and alumni records, the university admitted today.
According to school officials
the data theft began Oct. 9 and went undetected until early April, when
campus administrators performing routine maintenance identified messages left
on a server by the hackers. The databases
that were infiltrated
contained social security numbers, health insurance
information and non-treatment medical information such as immunization records.
According to the university, the
attackers accessed a public Website and subsequently bypassed
databases stored on the same server. So far the evidence
suggests the intruders began to probe the system in September, and successfully
broke into the server and its databases in early October.
After their final
theft of data last month
, campus technology experts discovered the messages
on the server and were able to determine the scope and duration of thefts. The
school has contacted the FBI, and has also launched an internal investigation that
is being conducted in conjunction with PricewaterhouseCoopers.
In all, the school plans to
notify more than 160,000 individuals who either had their Social Security
numbers accessed or may be at risk for identity theft. In addition to UC
Berkeley students and alumni, current and former students of Mills College who received or were
eligible for health care at UC Berkeley were also affected. The
data for the current and former students from UC Berkeley dates back to
1999; for the Mills College students and alumni, the data
goes back to 2001.
"The university deeply
regrets exposing our students and the Mills community to potential identity
theft," said Shelton Waggener, UC Berkeley's associate vice chancellor for
information technology, in a statement. "The campus takes our
responsibility as data stewards very seriously. We are working closely with law
enforcement and information security experts to identify the specific causes
that may have contributed to this breach and to implement recommendations that
will reduce our exposure to future attacks."