DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of California – Berkeley alerting 80,000 to December hack involving SSN or bank account info (UPDATE1)

Posted on February 26, 2016 by Dissent

From the University of California – Berkeley:

UC Berkeley officials are sending alert notices to approximately 80,000 current and former faculty, staff, students and vendors following a criminal cyberattack on a system storing their Social Security or bank account numbers.

The campus has no evidence that any unauthorized individual actually accessed, acquired or used any personal information; however, it is informing those potentially impacted so they can be alert to signs of any possible misuse of their information and take advantage of credit protection services the campus is offering free of charge.

The attack occurred in late December 2015, when an unauthorized person or persons obtained access to portions of computers that are part of the Berkeley Financial System (BFS). These criminals gained entry through a security flaw that UC Berkeley was in the process of patching. Law enforcement, including the FBI, has been notified.

The BFS is a software application the campus uses for financial management, including purchasing and most non-salary payments. Those potentially impacted include about 57,000 current and former students; about 18,800 former and current employees, including student workers; and 10,300 vendors who do business with the campus. The numbers add up to more than 80,000 because individuals may belong to more than one category.

This is approximately 50 percent of current students and 65 percent of active employees.

Many of the potentially impacted individuals include students and staff who received payments from UC Berkeley through electronic fund transfers, although paper payments may have been made in some instances. For students, this often involved financial aid awards that they elected to receive by electronic fund transfer. For many faculty and staff, this involved reimbursements, such as work-related travel reimbursements. Vendors whose Social Security numbers or personal bank account numbers were in the system in order for payment to be issued are also potentially impacted.

“The security and privacy of the personal information provided to the university is of great importance to us,” said Paul Rivers, UC Berkeley’s chief information security officer. “We regret that this occurred and have taken additional measures to better safeguard that information.”

The campus is providing potentially impacted individuals with one year of free credit monitoring and identity theft insurance, along with resources to assist them in monitoring their accounts for any suspicious activity.

In today’s cyber security landscape, large, high-profile organizations such as leading universities are under near-constant attack. Systems set up by UC Berkeley officials routinely identify such hacking attempts. If such attacks do occur, campus officials quickly respond. In this case, campus IT officials learned of the potential unauthorized access to data within 24 hours of its occurrence and took prompt action.

They removed all potentially impacted servers from the network so that they could no longer be accessed. A computer investigation firm was retained to assist with the investigation and help determine whether any personally identifiable information was accessed without authorization.

The investigators completed compiling the names and contact information for those potentially impacted on Feb. 25 and notice letters with information about free credit monitoring, insurance and other resources went out to them starting on Feb. 26.

UPDATE: A template notification letter is now available online on the California Attorney General’s web site.

No related posts.

Category: Education SectorHackU.S.

Post navigation

← IRS “Get Transcript” breach much bigger than first thought – now more than 700K victims
KS: Laptop with sensitive personal and medical info stolen from Valley Hope Association employee’s car →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
  • Senator Chides FBI for Weak Advice on Mobile Security
  • Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
  • Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban
  • 20 States Sue HHS to Stop Medicaid Data Sharing with ICE
  • Kids are making deepfakes of each other, and laws aren’t keeping up
  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.