Massive Data Breach at UC Berkeley
Hackers have allegedly broken into a health care database at the University of California at Berkeley. Supposedly sensitive personal information, including Social Security Numbers, for 160,000 students and alumni was stolen.
The intruders started probing around the system last September, finally broke in October 9 and were discovered in April 9, exactly a month before the university disclosed the breach to those potentially affected.
Authorities are tight-lipped about possible causes of the breach, but CBS News reported that the attackers might be from China.
What is known are two things: the data base was accessed via a public web portal used by the university, and that the database and web servers were on the same server.
Hmm. That's interesting. Maybe a little SQL injection going on here? Database and web servers together. That's just a lack of plain IT security common sense.
The intruders started probing around the system last September, finally broke in October 9 and were discovered in April 9, exactly a month before the university disclosed the breach to those potentially affected.
Authorities are tight-lipped about possible causes of the breach, but CBS News reported that the attackers might be from China.
What is known are two things: the data base was accessed via a public web portal used by the university, and that the database and web servers were on the same server.
Hmm. That's interesting. Maybe a little SQL injection going on here? Database and web servers together. That's just a lack of plain IT security common sense.
posted by The IT Security Guy at 10:09 PM
1 Comments:
Hi, I'm a UCB student and received the email. I called to hotline and they confirmed my name was on the list. This happened to me before in 2004 when a laptop was stolen at UCB with all the graduate student info (social security #s, etc.). If a class action lawsuit has not already been started, I want to start one.
This is the 3rd time it has happened that I know of (since I have been at UCB). This is RIDICULOUS.
You can contact me at UCBClassActionLawsuit@gmail.com
Post a Comment
<< Home