University of California, Berkeley (UC Berkeley) has recently fell a victim to a cyberattack that was carried out on its computer systems storing their social security and bank account numbers. The data breach affects about 57,000 current and former students, 18,800 former and current employees and 10,300 vendors doing business with the campus, which accounts up to more than 80,000 individuals.
Paul Rivers, UC Berkeley's chief information security officer said, "The security and privacy of the personal information provided to the university is of great importance to us. We regret that this occurred and have taken additional measures to better safeguard that information."
This is not the first cyberattck on UC Berkeley. In December 2015, hackers posed an attack after obtaining access to the servers and database in the campus' Real Estate Division, exposing personal information of about 16,00 people.
The latest cyberattack includes about 50% of the current students and 65% of active employees. The officials of UC Berkeley have been sending alerts to the 80,000 faculty, staff, students and vendors informing about the cyberattack. Law enforcement authorities including the FBI has been also notified about the attack.
While the campus does not have evidence so far about any unauthorised individual accessing any personal information, the investigation suggests that hackers managed to gain access to some computers belonging to Berkeley Financial Systems (BSF), sometime in late December 2015, through a security flaw that the university was in the process of patching, according to a posting by UC Berkeley news. After being aware of unauthorised access to data within 24 hours of its occurrence, the IT officials removed all infected servers from the network.
The BFS is a software application, which the campus uses for the financial management such as purchasing and most non-salary payments. Individuals who are affected the most are the students and staff who received payments from UC Berkeley through electronic fund transfer. The campus is currently providing affected individuals one year of free credit monitoring and identity theft insurance, along with resources to help them in monitoring their accounts.