University of California Data Breached, Serious Security Incidents on the Rise

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Hackers penetrated the University of California, Berkeley student and alumni database, stealing the records of 160,000 individuals. The incident is the latest in a string of incidents that has some security experts calling for greater efforts in protecting data and critical networks.

The University of California at Berkeley is the latest organization to suffer a damaging data security breach. The increasing number of security breaches and incidents has some calling for greater effort and controls of systems containing sensitive data.

University officials revealed last week that hackers successfully breached the student and alumni records system, gaining access to identifying information of more than 160,000 individuals. The pilfered data included Social Security numbers, health insurance information and limited medical history such as immunization records.

A post-incident analysis of the breach discovered that the hackers gained access as early as last October. The breach was discovered last month when IT administrators took a server offline for routine maintenance, during which time they discovered a message left by the hackers.

"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology, in a statement. "The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks."

The University of California, Berkeley is the latest in a series of high-profile security breaches in recent weeks. While the world was transfixed by the threat of malware variants such as Conficker, human hackers were busy probing networks for weak spots to access sensitive information.

Earlier this month, the U.S. Postal Service announced it was investigating the possible compromise of more than 40,000 records of executives and professionals that use Lexis Nexus and Investigative Professionals. Investigators believe the breach is related to a Nigerian scam that will use the information to make fraudulent charges against victims’ credit cards.

The FBI continues to probe a data hostage situation in Virginia, where hackers allegedly broke into the Virginia Prescription Monitoring Program’s database and encrypted files with an unknown key. The hackers are reportedly demanding $10 million to decrypt the data.

In April, the Pentagon revealed the hackers had compromised a network used by defense contractors for designing weapons systems and stole plans for the next-generation jetfighter, the F-35.

And, since the beginning of the year, several reports have surfaced about foreign governments and rogue hacker groups having access to the U.S. power grid’s control systems. The fear is that this unauthorized access could allow hostile parties to disrupt the U.S. critical infrastructure and wreak havoc on defense and emergency first responder operations during a crisis.

Security experts acknowledge the proliferation of malicious software, such as viruses and worms, and the greater organization of hackers is increasing the threat level. However, they believe that the government and private sector have the knowledge and technology to adequately secure critical systems.

"It’s also inexcusable that we continue to run our computer networks as though they are some magical enterprise only understandable by geeks and nerds," said Marcus Sachs, director of the SANS Institute Internet Storm Center, following a recent congressional hearing on data security threats.

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.