Break-In At Berkeley May Have Compromised Data Of 1.4 Million Californians - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:58 PM
Connect Directly

Break-In At Berkeley May Have Compromised Data Of 1.4 Million Californians

State officials say it's not clear if names and Social Security numbers were accessed or stolen but urge individuals to take precautions against identity theft.

California state officials revealed Tuesday that in August a hacker broke into a University of California, Berkeley, computer containing a database with the names and Social Security numbers of some 1.4 million Californians.

Carlos Ramos, assistant secretary at the California Health and Human Services Agency, said the breach occurred on Aug. 1 but wasn't detected until the end of the month. It was reported to the state Sept. 21. He confirmed that the California Highway Patrol and the Federal Bureau of Investigation are pursuing the incident and that the hacker has not been found.

He also stressed that it has not been determined whether the information in the database on the compromised system was actually accessed or stolen. "Really, this announcement is a precautionary measure," he says.

The database in question contained the names, addresses, Social Security numbers, and dates of birth of caregivers and care recipients participating in California's In-Home Supportive Services (IHSS) program since 2001. The data was being used in a UC Berkeley study of the effect of wages on in-home care and was obtained with authorization from the California Department of Social Services.

The Social Services Department is urging IHSS participants to follow the recommendations of the Office of Privacy Protection, which include contacting the three major credit bureaus in order to review their credit reports for signs of identity theft and related fraud.

UC Berkeley officials were not immediately available for comment.

"It's a bit ironic," says Jonathan Bingham, president of Intrusic Inc., a security software company focused on internal threats. "The same thing happened to UC Berkeley back in 1998. What it highlights are a couple of factors that are inherently flawed within the industry and within the security profile of not just UC Berkeley but all of the organizations that are out there today."

The university's approach to security is focused too much on keeping unauthorized intruders out and not enough on policing the actions of users deemed by the system to be legitimate, Bingham contends. He points to the fact that the intruder operated for a month before being detected as a sign that those with access need to be watched more closely.

"UC Berkeley has a fairly open network, as most universities do," he says. "They want to give access to as many people as possible, especially in their research network. When you start introducing confidential information into open network settings, you need to have a better ability to detect compromises."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll