Hackers breach UC Berkeley computer database

May 08, 2009 By JASON DEAREN , Associated Press Writer

(AP) -- University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.

The university said data include , birth dates, health insurance information and some medical records dating back to 1999. Personal medical records - such as patient diagnoses, treatments and therapies - were not compromised, officials said.

The databases also included of parents, spouses and Mills College students who used or were eligible for Berkeley's health services.

In all, 97,000 Social Security numbers were stolen, said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology and its chief information officer.

Social Security numbers can be used by identity thieves to access a person's current credit history, or bank and credit card accounts, according to the California Office of Privacy Protection. The numbers can also be used to open new bank and credit accounts, or even get a driver's license in the victim's name, privacy-protection officials warn.

The school has identified 160,000 total names in the database and contacted everyone regardless of whether their Social Security number also was compromised.

The server breach occurred on Oct. 6, 2008, and lasted until April 9, when campus staff performing routine maintenance found messages the school said were left by the hackers.

"The indications are that the hackers left messages to the system administrator taunting the system administrator that they had broken in," Waggener said. "It's a common hacker approach for identifying themselves."

The school said it had traced the hackers' computers to a number of overseas locations, including China, and turned that information over to the FBI and campus police. An outside Internet security firm has also been hired to conduct an audit of the school's systems and its information security measures.

Although the breach was discovered April 9, former and current students did not receive e-mail notification of the hacks until Friday morning. The university said it took forensic technology experts until April 21 to figure out which databases were hacked.

"Since then a team of more than 20 people from across the campus have been working seven days a week to determine the exact scope and nature of the breach," the school said.

It established a Web site at http://datatheft.berkeley.edu to answer questions about the incident.

Graduate student Kate Monroe, 27, said she was taking the school's warning seriously and planned to have a free fraud alert added to her credit report.

"My mom has dealt with identity theft and it's no joke," Monroe said. "Getting her identity cleaned up has been nearly impossible."

The school said Friday it had not received any reports of identity theft from any students who were notified.

In March 2005, a thief walked into a office and swiped a computer laptop containing personal information on nearly 100,000 alumni, graduate students and past applicants. Officials said that laptop was recovered before any personal information was breached.

Six months earlier, a computer hacker gained access to UC Berkeley research being done for the state Department of Social Services. Those files contained personal information of about 600,000 people.

---

On the Net:

http://datatheft.berkeley.edu

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Twitter admits to diversity problem in workforce

add to favorites email to friend print save as pdf

Related Stories

Breaches emphasize need for scanning, encryption

Mar 17, 2009

Recent news reports indicate a computer containing confidential information about the helicopter that transports President Barack Obama was breached by a computer in Iran. In January, Heartland Payment Systems, a company ...

Alternative energy plan wins contest

May 08, 2006

An alternative energy company called Aurora BioFuels has won the $25,000 first prize at the eighth annual UC Berkeley Business Plan Competition at the University of California, Berkeley's Haas School of Business. Aurora BioFuels ...

IBM software safeguards consumer identity on the Web

Jan 26, 2007

IBM today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, ...

Recommended for you

Study shows role of media in sharing life events

8 hours ago

To share is human. And the means to share personal news—good and bad—have exploded over the last decade, particularly social media and texting. But until now, all research about what is known as "social sharing," or the ...

UK: Former reporter sentenced for phone hacking

15 hours ago

(AP)—A former British tabloid reporter was given a 10-month suspended prison sentence Thursday for his role in the long-running phone hacking scandal that shook Rupert Murdoch's media empire.

Evaluating system security by analyzing spam volume

15 hours ago

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net ...

Surveillance a part of everyday life

16 hours ago

Details of casual conversations and a comprehensive store of 'deleted' information were just some of what Victoria University of Wellington students found during a project to uncover what records companies ...

European Central Bank hit by data theft

17 hours ago

(AP)—The European Central Bank said Thursday that email addresses and other contact information have been stolen from a database that serves its public website, though it stressed that no internal systems or market-sensitive ...

Twitter admits to diversity problem in workforce

19 hours ago

(AP)—Twitter acknowledged Wednesday that it has been hiring too many white and Asian men to fill high-paying technology jobs, just like several other major companies in Silicon Valley.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

John999
not rated yet May 14, 2009
Most companies enjoy %u201Csecurity%u201D insofar as they haven%u2019t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon%u2019s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture %u2013 absent new eCulture, breaches will, and continue to, increase. As CIO, I%u2019m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: www.businessforum..._02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities %u2013 read the book BEFORE you suffer a bad outcome %u2013 or propagate one.