Tech

University of California Berkeley once again becomes victim of cyberattack

It's not a small one, either. The university has told 80,000 people their information may have been compromised.

Written by Charlie Osborne, Contributing Writer Feb. 29, 2016 at 2:04 a.m. PT

The University of California, Berkeley, has admitted to a second data breach which may have exposed the data of 80,000 people to misuse.

Current and former students, faculty members and vendors linked to the university are among those who have been warned about the incident, which took place through financial management software which contained a security flaw, allowing an attacker -- or group -- to access internal services.

The attack took place in late December, 2015. The entry point the attacker used was the Berkeley Financial System (BFS), which the university was in the process of patching. According to UC Berkeley, the software is used for purchases and non-salary payments.

Last week, the San Francisco Bay Area university said while there is no evidence the personal information belonging to thousands of people was accessed or stolen, the system which was compromised was used to store Social security and bank account numbers.

In total, 57,000 current and former students, including student workers, 10,300 vendors and others -- at a ratio of roughly 50 percent of current students and 65 percent of active employees -- could have had their information taken.

Security

"The security and privacy of the personal information provided to the university is of great importance to us," said Paul Rivers, UC Berkeley's chief information security officer in a statement. "We regret that this occurred and have taken additional measures to better safeguard that information."

The FBI and other law enforcement agencies have been notified.

The university is warning those affected to stay on the lookout for "misuse" of their data -- which could lead to identity theft, for example -- and is offering free credit monitoring to help potential victims keep an eye on their affairs.

UC Berkeley was last hit with a cyberattack in December, 2014. Last time, the university's Real Estate Division was breached by cybercriminals, leading to the data of roughly 1,600 individuals becoming exposed.