Hackers have made off with data held on the Berkeley Health Services Centre's computer at the University of California, comprising more than 160,000 people's personal information.
According to an article on CNet
, the university announced the security breach on Friday – and warned that at least 97,000 Social Security Numbers were among the data access by the attackers.
The crackers were able to delve deep into the system by exploiting a flaw in a publicly accessible website, allowing them access to supposedly secured databases held on the same server. During the time the crackers had access to the system – which the university believes could go back as far as October 9th 2008 – they will have had unfettered access to health insurance information on around 160,000 past and present students and staff at the university.
While personal information – including social security numbers, addresses, and immunisation records – was included in the data accessed, associate vice chancellor for health and human services Steve Lustig is quick to point out that no actual medical records were held on the system.
The attack would appear to be similar to that suffered
by job hunting site Monster.com earlier this year, and most likely for the same aim: to hijack personal data to aid in identity theft. Accordingly, the university is currently in the process of setting up a helpline
for those affected, along with advising the 160,000 people with data held on the system to set up fraud alert reporting on their bank accounts.
While the attack is still under investigation – both by the campus security services and by the FBI – many questions are likely to be asked as a result: not least of which will by why it took so long for the attack to raise an alarm.
Should the University of California at Berkeley be offering to compensate individuals affected by this breach, or should their efforts go into upgrading their security so that something like this never happens again? Share your thought over in the forums