UC Berkeley Hit by Data Breach

UC Berkeley officials are sending alert notices to current students and others: the California university has suffered a data breach.

The data breach involved unauthorized access to a campus Web server maintained by a unit within UC Berkeley’s Division of Equity and Inclusion. The server stored data that included family financial information submitted by students, such as Social Security numbers and bank account information.

The investigation revealed that the unauthorized access to the server first occurred in December 2014 and that an additional, separate unauthorized access event occurred in February 2015.

Officials sent letters to all affected individuals on April 30. This included about 260 undergraduate students and some former students, as well as about 290 parents and other individuals, generally family members of the notified students. Current students also received emails, sent April 30.

Campus officials learned of the breach on March 14, after which they immediately removed the server from the network, the school said. A digital forensics firm was brought in to investigate and determine whether any personally identifiable information was compromised. Once the firm completed that work and confirmed the names of all impacted individuals, the letters were sent.

“There is no evidence that such information has actually been used, but officials are notifying individuals in accordance with California law and so that they can be alert to signs of any possible misuse of their information,” the school said in its notice.

Paul Rivers, UC Berkeley’s interim chief security officer, said that Berkeley will be offering affected individuals free credit monitoring for a year, and that they will receive a resource list to help them in checking for possible suspicious activity on their accounts.
