On Friday, officials at the University of California Berkeley have revealed that they are alerting up to 80,000 people about the possibility of a cyber attack that targeted a system storing social security and bank account numbers.
UC Berkeley officials has today revealed that they are reaching out to 80,000 individuals including current and former students, university faculty and vendors to notify them about the possibility of their social security numbers and bank account data being breached.
As reported by Berkeley News, the alert is a precautionary measure as there is no evidence of the attackers actually breaching the system to siphon away personal information. While the university told the publication of no real evidence of a breach yet, it is notifying the 80,000 individuals to be alert and on the lookout for potential misuse of their information. The scenario raises the possibility of identity theft.
Those affected, the university revealed, include 57,000 current and former students and nearly 19,000 faculty that are both former and current employees. 10,300 vendors who work with the school could also be affected, the university revealed. Those are staggering numbers, with nearly half of the university’s current students and 65% of currently active employees.
In a statement, UC Berkeley’s chief information security officer Paul Rivers stated:
The security and privacy of the personal information provided to the university is of great importance to us. We regret that this occurred and have taken additional measures to better safeguard that information.
A Software Update Exploit Hack
The school revealed that the hacker or group of hackers gained access to the university’s financial management software in late December 2015. The exploit existed due to a security flaw that UC Berkeley was in the “process of patching.” The Berkeley Financial System (BFS) is used by the campus as a financial management solution for purchasing and most non-salary payments.
The publication revealed that campus IT officials learned of the potential unauthorized access to the data within 24 hours of its occurrence before taking action. All potentially impacted servers were removed from the network by IT officials, taking them offline. A computer forensics firm was hired to assist with the subsequent investigation, the university confirmed.
The public reveal of the possible breach took a while due to the investigation which concluded on Feb 25, following the complete compilation of all names and contact information of those potentially impacted due to the breach.
UC Berkeley is offering free credit monitoring, insurance and other services for the 80,000 that may be impacted due to the breach, as mentioned in the letters sent out starting today, Feb 26.
Featured image from Shutterstock.