(WEB HOST INDUSTRY REVIEW) -- Hackers broke into the servers used by the University of California at Berkeley (http://berkeley.edu) and Mills College, putting at risk the private information of more than 160,000 students and employees, the university announced on Friday.
In particular, the Social Security numbers of 97,000 individuals are in jeopardy, although it remains to be seen whether the criminals were able to successfully attach those SSNs to the correct names of individuals, said Shelton Waggener, UCB's chief technology officer.
The hackers were able to bypass additional secured databases stored on the same server of the university's public website.
Though the databases contained SSNs, health insurance information and non-treatment medical information, no medical records were stolen since they are kept in a different system, said Steve Lustig, associate vice chancellor for health and human services.
Lustig confirmed that while some data has been taken, the identities of the individuals have not.
The breach occurred from October 9, 2008 through April 9, 2009, at which point a campus computer administrator running a routine maintenance found messages left by the hackers.
Waggener said that the messages indicate that the attacks came from overseas, "primarily in the Asian theater," with traces to China.
Both campus authorities and the FBI were immediately alerted about the intrusion, however, Waggener said that officials did not learn about the data theft until April 21.
Authorities have been investigating since then what information has been taken and who are the potential victims.
The exact methods of the hackers is still undetermined, but some experts suspect that the attackers used a SQL injection -- a tactic where a malicious script is pasted into a website's database.
Security experts are questioning why the university did not have the proper monitoring tools in place to have not detected the breach for six months, as well as why it stored data of varying levels of sensitivity all on the same server.
On Friday, the university began alerting via email and standard mail the 160,000 potential victims, which include those Berkeley students, parents, spouses, and Mills College students who used or were eligible for Berkeley's health services.
The school also recommended the affected individuals to put a fraud alert on their credit reporting accounts, as well as set up a website and hotline for victims to answer any questions.
Though this is the university's first case of a major server breach, a campus PC was stolen in 2005 from a Berkeley graduate admission office that held the private data on some 98,000 people.
Berkeley is now one of several world-renowned institutions that have fallen victim to major malicious attacks.
Last November, The University of Florida's dental school announced that the private information of 333,000 people was at risk after hackers broke into its servers, while Harvard University's Graduate School of Arts and Sciences website suffered a breach in February 2008.
Read Back Issues of WHIR Magazine
July 2010 - What's Next? Forecasting Hosting's Future
Technically, there's nothing new about us posing the question, "what are the next steps hosting providers must take to capitalize on the opportunities available in the business?" From the 10,000-foot view, that's the basic premise that underlies just about everything the WHIR publishes or produces. In this particular case, however, we're looking at it through an extremely significant contextual lens. That is, for much of the last two years, hosting providers have been operating in a business climate defined by an economy in crisis.
About This Issue | Read Digital Edition
March 2010 - Web Hosting in Europe
Europe cuts an interesting figure in our coverage of the web hosting industry. From a purely news standpoint, it is very possible to treat Europe in more or less the same way that we treat North America - that is, report the facts, ask the right questions, try to anticipate the issues raised. From an analytical standpoint, however, we present a distinctly North American point of view - this being the product of circumstances (our location), rather than a bias.
About This Issue | Read Digital Edition
January 2010 - Hottest Hosts Directory
In 2008, in our inaugural Hottest Hosts guide, I wrote that we were exploring a new format with the first in-print directory of web hosting services. And last year, I discussed the project in the context of an ongoing project, and a growing tradition here at the Web Host Industry Review. The objective, however, is not to repeat ourselves, but to help the directory evolve into a more valuable resource - something that's going to help you with your purchasing decisions, and something you're going to hold on to for the duration of the year.
About This Issue | Read Digital Edition
Comment anonymously or log into your WHIR account
Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.