University of California Data Breached, Serious Security Incidents on the Rise

The University of California at Berkeley is the latest organization to suffer a damaging data security breach. The increasing number of security breaches and incidents has some calling for greater effort and controls of systems containing sensitive data.

University officials revealed last week that hackers successfully breached the student and alumni records system, gaining access to identifying information of more than 160,000 individuals. The pilfered data included Social Security numbers, health insurance information and limited medical history such as immunization records.

A post-incident analysis of the breach discovered that the hackers gained access as early as last October. The breach was discovered last month when IT administrators took a server offline for routine maintenance, during which time they discovered a message left by the hackers.

"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology, in a statement. "The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks."

The University of California, Berkeley is the latest in a series of high-profile security breaches in recent weeks. While the world was transfixed by the threat of malware variants such as Conficker, human hackers were busy probing networks for weak spots to access sensitive information.

Earlier this month, the U.S. Postal Service announced it was investigating the possible compromise of more than 40,000 records of executives and professionals that use Lexis Nexus and Investigative Professionals. Investigators believe the breach is related to a Nigerian scam that will use the information to make fraudulent charges against victims’ credit cards.

The FBI continues to probe a data hostage situation in Virginia, where hackers allegedly broke into the Virginia Prescription Monitoring Program’s database and encrypted files with an unknown key. The hackers are reportedly demanding $10 million to decrypt the data.

In April, the Pentagon revealed the hackers had compromised a network used by defense contractors for designing weapons systems and stole plans for the next-generation jetfighter, the F-35.

And, since the beginning of the year, several reports have surfaced about foreign governments and rogue hacker groups having access to the U.S. power grid’s control systems. The fear is that this unauthorized access could allow hostile parties to disrupt the U.S. critical infrastructure and wreak havoc on defense and emergency first responder operations during a crisis.

Security experts acknowledge the proliferation of malicious software, such as viruses and worms, and the greater organization of hackers is increasing the threat level. However, they believe that the government and private sector have the knowledge and technology to adequately secure critical systems.

“It’s also inexcusable that we continue to run our computer networks as though they are some magical enterprise only understandable by geeks and nerds,” said Marcus Sachs, director of the SANS Institute Internet Storm Center, following a recent congressional hearing on data security threats.