May 8, 2009, 02:29 PM ET
Hackers Access Medical Information of 160,000 in U. of California at Berkeley Database
San Francisco — Over a six-month period, a group of computer hackers accessed a database containing the medical information of more than 160,000 people associated with the University of California at Berkeley, including social security numbers and immunization records, Berkeley announced today.
Hackers gained access in October 2008 to the electronic medical records of Berkeley students, alumni, and their parents dating back to 2001. The compromised information includes social security numbers, doctor histories, and immunization records, but not specific diagnoses or treatments, the university said in a statement.
The breach lasted until April 9, when campus computer administrators noticed messages left behind by the hackers, according to the statement. The university immediately notified law enforcement authorities and today it began notifying students, staff, and others — including 3,400 students at neighboring Mills College whose information was also compromised because they were eligible to receive health care at Berkeley.
Security breaches involving social security numbers are not uncommon at colleges, but the length of time that hackers had access to university records is unusual, and university officials are certain to face questions about why they did not learn of the breach sooner. In addition to general medical information, hackers may have stolen the self-reported medical histories of students who studied abroad, the university said in an e-mail message sent to students, alumni and others.
“The university deeply regrets exposing our students and the Mills community to potential identity theft,” Shelton Waggener, Berkeley’s associate vice chancellor for information technology and its chief information officer, said in a statement. “The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks.” — Josh Keller