Data Breaches

550 Hit in Berkeley Data Break-In

• By Dian Schaffhauser
• 05/01/15

The University of California Berkeley has sent out notification to those affected by a recently discovered data breach. The break-in involved access to a campus Web server maintained by a unit within the university's Division of Equity and Inclusion. The server was used to store records that had family financial information, including Social Security and bank account numbers, submitted by students.

About 550 people were affected, including undergraduate and former students as well as parents and others. The school has offered them free credit monitoring for a year as well as a list of resources they can use to monitor for suspicious activity on their accounts.

However, the institution said it has seen no evidence that the information has been used for unauthorized activities. California law stipulates that a business or public agency notify a state resident whose unencrypted personal information has been acquired by an unauthorized person.

Campus representatives learned of the breach on March 14 and removed the affected server from the network. A forensics investigation determined that the digital compromise had taken place in December 2014 and again in February 2015. Data theft targets were informed at the end of April, once the investigation had confirmed the names of those affected.

In December the university went public with details about another data breach that affected about 1,600 people. In that case, an employee doing work while on vacation allowed a username and password to be stolen.