UC Berkeley makes third data breach disclosure in past 15 months

UC Berkeley cyberattack news follows disclosures in April 2015, December 2014

UC Berkeley on Friday -- THE time for issuing bad news even in these days of 24-hour news cycles -- revealed that it has alerted 80,000 current and former faculty, staff, students and vendors in the wake of a late December "criminal cyberattack" that could have compromised Social Security and bank account numbers.

We're not talking an epic breach possibly affecting millions of people as did last year's Anthem and Ashley Madison compromises. But the revelation still must be unsettling for an institution that prides itself on cutting-edge cybersecurity research. UC Berkeley was among several big-name schools to receive millions from the Hewlett Foundation for cybersecurity policy research, and the school last year established the Center for Long-Term Cybersecurity.

MORE: Heat Map to show where burning need is for cybersecurity pros

As for short-term cybersecurity, UC Berkeley says it has no evidence that any of the compromised accounts were abused, but it nevertheless was compelled by law to disclose the breach and in addition is offering credit protection services for free.

The attack took place in December when one or more people gained access to Berkeley Financial System computers via a flaw that was being patched. 

“The security and privacy of the personal information provided to the university is of great importance to us,” said Paul Rivers, UC Berkeley’s chief information security officer, in a statement. “We regret that this occurred and have taken additional measures to better safeguard that information.”

If the UC Berkeley news is causing you some deja vu, it could be because numerous higher education institutions -- from Harvard to Penn State -- were hit with breaches last year. And UC Berkeley itself revealed a breach last April that involved unauthorized access to a Web server maintained by the school's Division of Equity and Inclusion, and also disclosed a separate breach in late 2014 involving servers and databases in the Real Estate Division.

MORE: 10 of today's coolest network & IT research projects

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Bob Brown

Latest Videos

More videos

Blog Posts