The University of California -Berkeley is notifying individuals of a recent data breach in the Real Estate Division.
Although there is no evidence that any unauthorized individual actually acquired and used personal information, the breach involved unauthorized access to servers used to support a number of Real Estate programs and work stations, specifically those in the units formerly known as Capital Projects and Physical Plant-Campus Services.
In a letter to those affected signed by Grace Crvarich, Chief Operating Officer UC Berkeley, Division of Real Estate, she notes that some of the servers or workstations stored individual files that included some personal information, including names along with social security numbers, credit card numbers and driver’s license numbers.
The servers were reportedly breached in mid- to late September and were shut down as soon as investigations indicated they were compromised. The breach was discovered September 26, 2014, and in subsequent weeks, the university, with the assistance of a consultant data security firm, reviewed the data stored on the servers to identify any personally identifying information and identify and locate all the individuals affected. That identification process only concluded this week.
Those notified were offered a free year of credit monitoring and identity restoration services with ID Experts.
A template of the notification letter has been uploaded to the web site of the California Attorney General’s Office.