The University of California, Berkeley, joined the growing list of enterprises and institutions to fall victim to cyber attack, with the personal information of about 1,600 people associated with the university exposed, the state university announced Thursday.
According to the university, someone gained access to servers and databases in the campus’ real estate division this past September and gained access to about 1,300 Social Security numbers and 300 credit card numbers – many of those coming from either current or former school employees.
Those affected were notified via a letter last Friday.
“There is no indication that the information was downloaded and used but, in an abundance of caution, we are encouraging those impacted to take advantage of the one free year of credit monitoring that we are offering,” said Janet Gilmore, a spokeswoman for the university, in an interview with the Bay Area News Group.
The servers that were breached did not hold large amounts of personal information but were primarily used to host data on real estate transactions. Some of the files on the server, though, did have sensitive information, including tax identification numbers in payment processing.
Campus officials finished checking volumes of files for personal information and confirming whose information may have been put at risk last week. Also, an outside firm was brought in to lead the search for any personal information that was left on the server.
“We understand that it’s disturbing to learn that your Social Security number or credit card number may have been exposed to hackers, and we truly regret that this has occurred,” said Paul Rivers, the university’s interim chief security officer, in an interview with the new group.
Data breaches at large universities are nothing new.
Ohio State University said in 2010 that hackers had penetrated a college server that contained the names, birth dates and Social Security numbers of 750,000 people, exposing them to risk of identity theft.
In 2013, the University of Virginia said Social Security numbers of more than 18,000 students were mistakenly printed in the address field of health insurance brochures mailed to their homes.
There have also been public breaches at the University of North Florida, the University of Hawaii and the University of Tampa, among others.
Perhaps the biggest incident happened earlier this year at the University of Maryland when hackers stole the personal information of more than 300,000 people that have been associated or done business with the university dating back to the late 1990s.
Universities have become a common target for hackers in recent years as they hold the personal information of hundreds, if not thousands of people, and do not always have the robust security systems of public sector organizations such as state governments or the federal government.