Secured UC Berkeley Databases Hacked, Students Warned About Identity Thefts

'UC Berkeley officials announced Friday that Social Security numbers and other identification had been hacked from restricted university health services databases, putting students at risk of identity theft. The security breach, which campus officials said began in October last year, was discovered by university administrators during a routine maintenance check April 9, spurring a criminal investigation by UC police detectives and the FBI....

...He said the data thefts began on Oct. 9, 2008, and continued until April 6, 2009. As soon as the first activity was detected by authorities three days later, all the exposed databases were immediately removed from service to prevent future attacks.

In order to understand the nature of the security breach and to minimize the chances of a recurrence, Waggener said the university had hired technical experts and an internal auditor, Price Waterhouse Coopers, to help with the investigation.

"With this incident, UC Berkeley has joined a fraternity of institutions that have been victims of criminal attack," Waggener said. "This deviant act came from outside the campus. The attackers accessed a public website and bypassed additional secured databases stored on the same server."

As for why the breach had not been identified earlier, Waggener said it was something that could be identified only while checking a log entry.

"There were tell-tale signs," he said. "The hackers had left messages to system administrators taunting them. This sort of thing is very common." '