Following an attack on the university’s health-services centre, the information of more than 160,000 individuals is at risk. According to Berkeley, the hacked databases contain individuals' Social Security numbers, health insurance information and non-treatment medical information, such as immunization records and names of some of the treating physicians. About 160,000 individuals are believed to be impacted by the breach. Both past (as far back as 1999) and present students are affected as well as 3,400 Mills College students (as far back as 2001) who received, or were eligible to receive, health care at UC Berkeley.
According to a statement, Berkeley learned of hacking in April and immediately removed from service the exposed databases to prevent any further attacks. The college alerted campus police as well as the FBI.
"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology and its chief information officer. "The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks."
UC Berkeley administrators pointed out that the hackers did not access University Health Services' (UHS) medical records, which include patients' diagnoses, treatments and therapies. Those records are stored in a separate system and were not affected by this crime.