Hackers Target Cal Student Identities

Computer hackers struck the University of California at Berkeley  between October and April, potentially accessing personal information of  160,000 students, alumni and others, university officials said Friday.

The university learned of the intrusion into computers at the  campus' health services center, which took place between Oct. 9, 2008, and  April 9 of this year, on April 21 and shut down the exposed database systems  and alerted police and the FBI.

The university began sending e-mails and letters today to more  than 160,000 people, including current and former UC Berkeley students, as  well as their parents and spouses if they were linked to insurance coverage,  who had University Health Services health care coverage or received services.

Notifications are also being sent to about 3,400 Mills College  students who either received or were eligible for health care at UC Berkeley.

The compromised data for UC Berkeley students, alumni and their  parents date back to 1999, and those for Mills College students date back to  2001.

"The university deeply regrets exposing our students and the Mills  community to potential identity theft," UC Berkeley Associate Vice Chancellor  Shelton Waggener said in a prepared statement.

"The campus takes our responsibility as data stewards very  seriously," he said, adding that the university was working with law  enforcement and computer security experts to identify and fix the causes of  the breach.

According to the university, the hacked databases contained Social  Security numbers, health insurance information and non-treatment medical  information such as immunization records and the names of doctors that may  have been seen for treatment or diagnoses.

A separate system containing University Health Services medical  records with patients' diagnoses, treatments and therapies was not accessed,  according to university officials.

The hacking was discovered by campus computer administrators  performing routine maintenance who found messages left by the hackers.

"Evidence uncovered to date suggests that the attack was launched  by hackers overseas," the university said. The attackers came through a  public Web site and then bypassed secured databases stored on the same  server.

The university is recommending those whose names and data were  stolen to place a fraud alert on their credit reporting accounts.

The school has set up a Web site  to  provide further information for potential victims and has also established a  24-hour data theft hot line, 888-729-3301, to answer questions.

Copyright BAYCN - Bay City News
Contact Us