UC Berkeley’s financial system, which stores the bank account and social security numbers of students, faculty and vendors, was breached on Dec. 28, 2015. The university began notifying victims of the cyberattack last Friday. Over 80,000 current and former students, employees and vendors may have have been affected by the attack.
Senior Director of Strategic Communications at UC Berkeley Janet Gilmore told the UCSD Guardian officials needed time to identify the individuals affected before they could notify the victims.
“With any cyberattack, it takes time to determine the scope of the attack, restore the integrity of the system [and] identify the individuals potentially affected,” Gilmore explained. “Once the university discovered the attack, it promptly hired an outside computer investigation firm to ensure the process could move along as quickly as possible and to help confirm that the attack was fully contained and the intruders expelled from the system.”
According to Gilmore, the attack took place while campus officials were in the process of patching a security flaw in the financial system. The campus’s existing security measures stopped the intrusion within 24 hours of its discovery.
Gilmore also clarified that there is no evidence that the sensitive information was accessed or used, but UC Berkeley is offering students free credit-monitoring services as a precautionary measure.
“Out of an abundance of caution, we are offering those potentially impacted with a year of credit monitoring, free of charge, and a package of related credit protection services, again, free of charge,” Gilmore said. “Tips and resource information are also being provided.”
Following the breach, campus officials hired security experts to improve their security measures and are working to expedite the process of fixing defects in administrative systems during updates.
This attack follows another breach in UC Berkeley’s cybersecurity system that occurred in September 2014, which compromised the information used by its Real Estate Division. According to Gilmore, large organizations are often victims of cyberattacks, and UC Berkeley is not the first school in the University of California to be affected by an attack. UCLA Health, for example, was hacked in July 2015. UCSD Director of IT Services Brian DeMeulle explained that UCSD, like all organizations, may also be a target for hackers, but campus officials are constantly watching out for and stopping potential threats.
“We have numerous processes and tools in place to monitor, analyze and block bad actors from gaining access to our information assets,” DeMeulle told the Guardian. “With that, we are constantly looking for ways to improve our security and risk posture, balancing that with the needs of the business.”
In addition to each campus’ individual security protocols, the UC system also has systemwide security measures in place to monitor information. DeMeulle explained, however, that the best way for a person to protect their information is to carefully monitor their own online activity.
“Security is everyone’s responsibility,” DeMeulle said. “This is as much a cultural and behavioral concern as is it a technological one. The more users are educated regarding appropriate behavior while utilizing computing resources and working with digital information, including both work-related information and their own personal information, the better we can work collaboratively toward proactively identifying and mitigating potential security issues.”