Altogether, the stolen data included Social Security numbers, health insurance information and nontreatment medical information, such as immunization records and the names of some of the physicians the victims have seen for diagnoses or treatment. However, personal records, such as patients' treatments and therapies, were stored in a separate system overseen by University Health Services (UHS) and not affected by the data breach, university officials said in a statement.
Officials have since removed from service the exposed databases, and alerted the FBI and campus police. They also have commissioned the services of an independent IT security firm to investigate the incident. Officials said that evidence indicates the attack was launched by hackers based overseas. During the attack, the hackers infiltrated a public Web site while bypassing additional secured databases stored on the same server.
Victims include current and former Berkeley students dating back to 1999, in addition to their parents and spouses who were under UHS health care coverage or received services. Data breach victims also include about 3,400 Mills College students, dating back to 2001, who received or were eligible to receive Berkeley's health care services.
The breach occurred on Oct. 9, 2008, and continued until April 9, 2009, before a campus IT administrator discovered messages left by the hackers while conducting routine maintenance.
The university notified all affected data breach victims after learning of the hack. The university issued e-mails Friday to some victims, while others are expected to receive notification letters next week. The communication included tips on steps victims should take to protect themselves against identity theft. Administrators advised affected individuals to place a fraud alert on their credit reporting accounts. The university has established a Web site containing contact information for key resources and has set up a 24-hour hotline to field questions for data breach victims.
Once the breach was discovered, university officials activated an emergency security incident team to investigate the scope and impact of the breach.
"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, Berkeley associate vice chancellor for information technology and chief information officer. "The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identity the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks."
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center