160,000 student, alumni accounts breached at UC Berkeley

Social Security numbers, health insurance information compromised during intrusion

The University of California, Berkeley has begun notifying more than 160,000 students, alumni and others about the potential compromise of their Social Security numbers, health insurance information and other personal data, following a database intrusion at the university.

The intrusion occurred last October and remained undetected until early this April, when campus computer administrators discovered it during routine performance maintenance, the university said in a statement today.

Evidence uncovered by investigators so far suggests that the attackers took advantage of a vulnerability in a public-facing Web application to gain access to multiple databases hosted on the same server, including the one containing the sensitive information, the university said.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The University of California, Berkeley has begun notifying more than 160,000 students, alumni and others about the potential compromise of their Social Security numbers, health insurance information and other personal data, following a database intrusion at the university.

The intrusion occurred last October and remained undetected until early this April, when campus computer administrators discovered it during routine performance maintenance, the university said in a statement today.

Evidence uncovered by investigators so far suggests that the attackers took advantage of a vulnerability in a public-facing Web application to gain access to multiple databases hosted on the same server, including the one containing the sensitive information, the university said.

Those impacted by the breach are current and former UC Berkeley students who had university health care coverage or received health services. Also impacted were parents and spouses of these indviduals if their names had been linked to the insurance coverage, it said.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.