UC Berkeley on Friday revealed that it has alerted 80,000 current and former faculty, staff, students and vendors in the wake of a late December "criminal cyberattack" that could have compromised Social Security and bank account numbers.
We're not talking about an epic breach possibly affecting millions of people, as last year's Anthem and Ashley Madison compromises did. But the revelation still must be unsettling for an institution that prides itself on cutting-edge cybersecurity research. UC Berkeley was among several big-name schools to receive millions from the Hewlett Foundation for cybersecurity policy research, and the school last year established the Center for Long-Term Cybersecurity.
As for short-term cybersecurity, UC Berkeley says it has no evidence that any of the compromised accounts were abused, but it nevertheless was compelled by law to disclose the breach and in addition is offering credit protection services for free.
The attack took place in December when one or more people gained access to Berkeley Financial System computers via a flaw that was being patched.
“The security and privacy of the personal information provided to the university is of great importance to us,” said Paul Rivers, UC Berkeley’s chief information security officer, in a statement. “We regret that this occurred and have taken additional measures to better safeguard that information.”
If the UC Berkeley news is causing you some deja vu, it could be because numerous higher education institutions -- from Harvard to Penn State -- were hit with breaches last year. And UC Berkeley itself revealed a breach last April that involved unauthorized access to a Web server maintained by the school's Division of Equity and Inclusion, and also disclosed a separate breach in late 2014 involving servers and databases in the Real Estate Division.