Roughly 80,000 people might have been impacted by cyber attack that hit a UC Berkeley system containing Social Security and bank account numbers, the university warns.
UC Berkeley officials are sending alert notices to current and former faculty, staff, students and vendors after discovering that one of the university’s systems had been breached, but say that there’s no evidence that any personal information has been accessed, acquired, or used following the attack.
However, the university has decided to inform users who are possibly impacted by the breach to stay alert on any misuse of their information and to enroll into a credit protection service the campus is offering free of charge.
Authorities, including the FBI, have already been notified about the incident.
According to a post from Janet Gilmore, Public affairs at UC Berkeley, the attack occurred in late December 2015, when an unauthorized user gained access to portions of computers that are part of the Berkeley Financial System (BFS). The attacker(s) leveraged a security vulnerability that UC Berkeley was in the process of patching, Gilmore states.
The blog post explains that the BFS is a software application used for the management of financial operations such as purchasing and most non-salary payments. Of the 80,000 potentially impacted people, 57,000 are current and former students, about 18,800 are former and current employees, including student workers, and 10,300 are vendors who do business with the campus.
Due to the fact that some individuals belong into more than one category, the breach impacted more than 80,000 entries, and Gilmore explains that this includes approximately 50 percent of current students and 65 percent of active employees. She also explains that many of the people impacted by the breach include individuals who received payments from UC Berkeley through electronic fund transfers.
“For students, this often involved financial aid awards that they elected to receive by electronic fund transfer. For many faculty and staff, this involved reimbursements, such as work-related travel reimbursements. Vendors whose Social Security numbers or personal bank account numbers were in the system in order for payment to be issued are also potentially impacted,” Gilmore says.
UC Berkeley learned of the potential unauthorized access to data within 24 hours of its occurrence, and Gilmore notes that officials took prompt action by removing all potentially impacted servers from the network, thus preventing further access to them. Furthermore, the campus hired a computer investigation firm to assist with the investigation.
Last month, University of Virginia’s HR system was breached and attackers managed to access sensitive information, including W-2s and banking details of University employees. Also in January, a hacker proclaiming allegiance to the Islamic State jihadist group infiltrated the internal network of one of China’s top universities.

More from SecurityWeek News
- Threat Hunting Summit Virtual Event NOW LIVE
- Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone
- Threat Modeling Firm IriusRisk Raises $29 Million
- SentinelOne Announces $100 Million Venture Fund
- Today: 2022 CISO Forum Virtual Event
- Cymulate Closes $70M Series D Funding Round
- SecurityWeek to Host CISO Forum Virtually September 13-14, 2022: Registration is Open
- Privilege Escalation Flaw Haunts VMware Tools
Latest News
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
