University of California Data Breached, Serious Security Incidents on the Rise

The University of California
at Berkeley is the latest
organization to suffer a damaging data security breach. The increasing number
of security breaches and incidents has some calling for greater effort and
controls of systems containing sensitive data.

University officials revealed last week that hackers successfully breached
the student and alumni records system, gaining access to identifying
information of more than 160,000 individuals. The pilfered data included Social
Security numbers, health insurance information and limited medical history such
as immunization records.

A post-incident analysis of the breach discovered that the hackers gained
access as early as last October. The breach was discovered last month when IT
administrators took a server offline for routine maintenance, during which time
they discovered a message left by the hackers.

"The university deeply regrets exposing our students and the Mills
community to potential identity theft," said Shelton Waggener, UC
Berkeley’s associate vice chancellor for information technology, in a
statement. "The campus takes our responsibility as data stewards very
seriously. We are working closely with law enforcement and information security
experts to identify the specific causes that may have contributed to this
breach and to implement recommendations that will reduce our exposure to future
attacks."

The University of California,
Berkeley is the latest in a series
of high-profile security breaches in recent weeks. While the world was
transfixed by the threat of malware variants such as Conficker, human hackers
were busy probing networks for weak spots to access sensitive information.

Earlier this month, the U.S. Postal Service announced it was investigating
the possible compromise of more than 40,000 records of executives and
professionals that use Lexis Nexus and Investigative Professionals.
Investigators believe the breach is related to a Nigerian scam that will use
the information to make fraudulent charges against victims’ credit cards.

The FBI continues to probe a data hostage situation in Virginia,
where hackers allegedly broke into the Virginia Prescription Monitoring
Program’s database and encrypted files with an unknown key. The hackers are
reportedly demanding $10 million to decrypt the data.

In April, the Pentagon revealed the hackers had compromised a network used
by defense contractors for designing weapons systems and stole plans for the
next-generation jetfighter, the F-35.

And, since the beginning of the year, several reports have surfaced about
foreign governments and rogue hacker groups having access to the U.S.
power grid’s control systems. The fear is that this unauthorized access could
allow hostile parties to disrupt the U.S.
critical infrastructure and wreak havoc on defense and emergency first
responder operations during a crisis.

Security experts acknowledge the proliferation of malicious software, such
as viruses and worms, and the greater organization of hackers is increasing the
threat level. However, they believe that the government and private sector have
the knowledge and technology to adequately secure critical systems.

“It’s also inexcusable that we continue to run our computer networks as
though they are some magical enterprise only understandable by geeks and nerds,”
said Marcus Sachs, director of the SANS Institute Internet Storm Center,
following a recent congressional hearing on data security threats.