UC Berkeley officials issued a statement of regret about a computer hacking that may have exposed the names and social security numbers of about 600,000 people.
The state Department of Social Services announced Tuesday that they are investigating the hacking incident. UC officials said the breech occurred in early September.
The database in question contained personal information about people who provide and receive in-home health care, including provider pay. UC officials said that a scholar from Connecticut College visiting at UC’s Institute of Industrial Relations was doing statistical analysis of home health care in California, and was accessing the database for her research project. The scholar was trying to determine how wage and benefit increases can improve the recruitment and retention of quality home-care workers.
As soon as the matter was brought to the attention of the campus counsel he began to work closely with the appropriate state and federal authorities, including the FBI. Officials from the campus, Department of Social Services, the FBI and officials from Connecticut College met on Sept. 27 to address the security breach.
Officials believe the security breach was related to linking a non-UC computer and non-UC server to the campus network system without taking proper precautions against intrusion.
Anyone concerned that their personal information was in the database is encouraged to contact the state Department of Social Services for instructions on fraud protection. The department’s Web site is http://www.cdss.ca.gov/ihss, and their phone number is (866) 404-9214.
An investigation into this incident has not yet determined whether any of the personal data was acquired. However, UC officials reported that the Department of Social Services has not gotten any information indicating that identity theft or misuse of the data has occurred, they added.
Campus officials said that even one breach of its network is unacceptable. The campus works hard to avoid such incidents and regrets that this one occurred.
The campus has been in the process of directing units to comply with new standards for security that will officially go into effect in the spring. At that time, individuals who fail to meet these standards will be denied access to the university’s network. For example, installing patches that block computer viruses and that address other security problems will be required.
In the interim, campus network security officials will continue to scan campus systems for problems. Particular attention is being paid to databases with sensitive information.
— Bay City News and wire reports