Infosecurity

US school data breach affects 160,000

By Alice Kok | 14 May 2009

A data breach at University of California, Berkeley, exposed the data of more than 160,000 current and former UC Berkeley students and 3400 Mills College students.

View photos

Related Categories

• INFOSECURITY

From this Section

• NEWS

Hackers broke into two databases in the campus health services centre from 9 Oct 2008 until 9 April 2009. The databases contained social security numbers, health insurance information and non-treatment medical information, such as immunisation records and names of some of the physicians that students may have seen for diagnoses or treatment.

According to a UC Berkeley news release, university medical records are stored in a separate system and were not breached.

The Berkeley databases were immediately removed from service by investigators from the campus police and the FBI. The university said it is alerting all 160,000 affected by the breach via email and notification letters. A Berkeley data theft website and hotline was also established to answer questions from individuals who received notices.

“We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks,” said Shelton Waggener, UC Berkeley’s Associate Vice Chancellor for information technology and its chief information officer.

American universities have been particularly prone to data breach incidents. A hacker exploited a University of California, Los Angeles database in 2006 exposing the personal information of 800,000 staff and students. Last year, a hacked server at the University of Florida’s College of Dentistry, exposed 300,000 to identity theft. In 2005, a University of Southern California database containing about 270,000 records of past applicants was cracked into by a hacker.