Berkeley Hacked

160,000 medical records plundered over a six month period.

Get It Try It

BERKELEY (CNET) -- Hackers broke into UC Berkeley's health services centre databases and stole information for more than 160,000 individuals. The breach which had been ongoing since 9 October 2008 was only discovered on 9 April this year and it still took another two weeks before university officials were informed.

Server logs indicate the hacks originated outside the US. The origin was later specified as China.

SQL Injection

Sentrigo CTO Slavik Markovich said he suspects the hackers used SQL injection to breach the security. Markovich also questioned whether the university had appropriate monitoring tools to detect the breach - which went unnoticed for half a year - and also wondered why data with different levels of sensitivity was stored on the same server.

Snail Mail Notification

UC Berkeley started notifying the 160,000+ individuals on 7 May 2009. All were told to put their credit reporting accounts on fraud alert. An emergency website has also been put online (see below).

Reactions

It's quite sad how such important and sensitive data is poorly secured.
 - 'unic0rn'

And Berkeley is supposed to be a mecca for computer science minds.
 - 'frequentFlyer'

great. now im graduating into a horrible economy AND my credits gonna suck
 - 'swraman'

my shit got hacked in this. mom says now i gotta freeze my credit every 90 days for the rest of my life, because all 160,000 names/SSNs are now commodities that will be traded around and sold off until we die. god damnit.
 - 'aweasel'

Who the heck puts this data on a computer with access to the internet? Are they that stupid???
 - 'lilricky'

Beats me why Health Services data is kept online!!! I got a mail from them yesterday about this :(
 - 'stutimandal'

Berkeley, the university which spits out thousands of computer geeks every year??
 - 'abukalamdanny'

See Also
UC Berkeley: Data Theft News Updates
CNET: UC Berkeley Computers Hacked, 160000 at Risk