Roughly 80,000 people might have been impacted by cyber attack that hit a UC Berkeley system containing Social Security and bank account numbers, the university warns.
UC Berkeley officials are sending alert notices to current and former faculty, staff, students and vendors after discovering that one of the university’s systems had been breached, but say that there’s no evidence that any personal information has been accessed, acquired, or used following the attack.
However, the university has decided to inform users who are possibly impacted by the breach to stay alert on any misuse of their information and to enroll into a credit protection service the campus is offering free of charge.
Authorities, including the FBI, have already been notified about the incident.
According to a post from Janet Gilmore, Public affairs at UC Berkeley, the attack occurred in late December 2015, when an unauthorized user gained access to portions of computers that are part of the Berkeley Financial System (BFS). The attacker(s) leveraged a security vulnerability that UC Berkeley was in the process of patching, Gilmore states.
The blog post explains that the BFS is a software application used for the management of financial operations such as purchasing and most non-salary payments. Of the 80,000 potentially impacted people, 57,000 are current and former students, about 18,800 are former and current employees, including student workers, and 10,300 are vendors who do business with the campus.
Due to the fact that some individuals belong into more than one category, the breach impacted more than 80,000 entries, and Gilmore explains that this includes approximately 50 percent of current students and 65 percent of active employees. She also explains that many of the people impacted by the breach include individuals who received payments from UC Berkeley through electronic fund transfers.
“For students, this often involved financial aid awards that they elected to receive by electronic fund transfer. For many faculty and staff, this involved reimbursements, such as work-related travel reimbursements. Vendors whose Social Security numbers or personal bank account numbers were in the system in order for payment to be issued are also potentially impacted,” Gilmore says.
UC Berkeley learned of the potential unauthorized access to data within 24 hours of its occurrence, and Gilmore notes that officials took prompt action by removing all potentially impacted servers from the network, thus preventing further access to them. Furthermore, the campus hired a computer investigation firm to assist with the investigation.
Last month, University of Virginia’s HR system was breached and attackers managed to access sensitive information, including W-2s and banking details of University employees. Also in January, a hacker proclaiming allegiance to the Islamic State jihadist group infiltrated the internal network of one of China's top universities.