CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 12th, 2009

More Than 160,000 UC Berkeley Health Records Stolen By Hackers

The University of California at Berkeley started warning students and alumni on Friday that online thieves infiltrated the school’s restricted servers and stole medical records on more than 160,000 individuals.

The database exposed by the breach held information on UC Berkeley’s students, alumni and staff, including health insurance information and Social Security numbers, the university said in a statement. The breach lasted from October 9, 2008 to April 9, 2009, when campus administrators performing maintenance on the systems detected the intrusion. Early evidence uncovered in the investigation suggests the attack came from overseas and accessed the secured databases by compromising a public Web site run on the same server.

“The university deeply regrets exposing our students and the Mills community to potential identity theft,” Shelton Waggener, UC Berkeley’s associate vice chancellor for information technology, said in the statement. “We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks.”

The breach is not the first time that UC Berkeley has had to deal with a massive data loss. In 2004, California’s Health and Human Services Agency announced that up to 1.4 million people may have had their records stolen from a database stored on a school computer. The University of California at Los Angeles told students and others that hackers had stolen as many as 800,000 records containing Social Security numbers, dates of birth, home addresses and contact information. While quite a few colleges have suffered large breaches, intrusions into payment-processor networks over the past few years have dwarfed those losses.

The cause of the breach remains unclear. Santa Barbara, another campus in the University of California network, has distinguished itself with a recent investigation of the Torpig botnet network. So if Berkeley’s admins need a few pointers in computer forensics then they could do a lot worse than give their counterparts down the coast a call

The data stolen from UC Berkeley includes health data of the school’s students and alumni — and their parents or spouses, in many cases — who received benefits through University Health Services as well as approximately 3,400 students of Mills College in Oakland, Calif., who were eligible to receive benefits.

Credit: SecurityFocus

Share this item with others:

More on CyberInsecure:
  • University Of Massachusetts Amherst’s Health Services Network Breached By Hackers
  • University Of Utah Hospitals & Clinics Stolen Backup Tape Contained 2.2 Million Billing Records
  • Virginia Health Professions Database Breached, Hackers Demand Ransom
  • Hundreds Of UCLA Medical Employees Abused Privilege And Looked Into Celebrities Medical Records
  • Breach Involving Health Information In Elliot Health System

    • Posted in Breaches And Incidents, Data Theft, Privacy | Print This Post Print This Post

    This entry was posted on Tuesday, May 12th, 2009 at 5:33 am and is filed under Breaches And Incidents, Data Theft, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: More Than 160,000 UC Berkeley Health Records Stolen By Hackers

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »