In a case which clearly identifies the need to have both perimeter security and internal security auditing, the University of California, Berkeley announced that notifications had begun in a server breach that began on October 9, 2008 and continued until April 9 of this year. More than 160,000 records of individuals were reportedly exposed.
The breach was discovered when administrators identified messages left behind by the hackers while performing routine maintenance. The subsequent investigation performed by the security incident team indicates that the attacked was launched overseas and began by accessing a public web site.
The lost data includes Social Security numbers, health insurance information and immunization records. The victims of the breach include UC Berkeley students, and their families who had UHS health care coverage. UC Berkeley has created a website, datatheft.berkeley.edu to assist victims with information and established a 24-hour hotline to answer questions.
If it weren't for the hackers leaving messages behind, this breach may have never been discovered.
Comments