UC Berkeley School of Journalism Server Hacked
Date Added Wednesday, August 12, 2009 | 12:38 am
Last Updated Wednesday, August 12, 2009 | 3:43 pm
Category: News > University > Academics and Administration
Almost 500 applicants to the UC Berkeley Graduate School of Journalism were notified today that their Social Security numbers and other private data may have been compromised in a recent campus security breach.
Computer security experts discovered in July that a hacker broke into a private segment of the journalism school's primary public web server and potentially accessed sensitive information of 493 people who applied to the school between September 2007 and May 2009.
However, while campus information technology officials confirmed that a breach had occurred, they said there was no indication that the information had been stolen or misused.
"In an abundance of caution, we're going to be notifying those people that the potential exists that some of their information was exposed," said Shelton Waggener, the campus's associate vice chancellor for information technology and chief information officer. "We could not find any indication that that had actually occurred."
International students and applicants who did not provide their Social Security numbers on their application are not affected by the breach.
The last major unauthorized breach of the campus's network, in which the personal data of 160,000 students, alumni and others was stolen, was discovered in April 2009.
Waggener said the campus network is bombarded with about 3 million attacks each day and that officials must determine whether or not each attack was an actual breach to the system.
The potential breach of the journalism school server was identified in the second week of July during a routine scan of the campus network and public Internet. This was followed by a forensics analysis and a security investigation that confirmed the breach, Waggener said.
Officials at the journalism school then drew up a plan to notify affected applicants and put together resources to aid them in protecting their information, he said. Those affected were sent e-mails and postal mail Tuesday.
Waggener said the delay in notifying those at risk is typical for these types of incidents. Campus officials typically take three to four weeks to disclose a security breach after it is discovered, he added.
"It just takes time to do the investigation," he said. "Once we were certain of as much info as we could be, we began the notification process and developing the notification strategy."
Neil Henry, the school's dean, said the journalism school has set up a call center and a Web site to provide resources for those affected. He said they will also hold a special session orientation during the first week of classes for students who were affected by the breach.
"It's certainly something that we deeply regret," Henry said. "But we're going to be very open and transparent about what we have done and what we're going to do going forward."
Zach A. Williams of the Daily Californian contributed to this report.
Contact Angelica Dongallo at [email protected]
Comments (0) »Comment Policy
The Daily Cal encourages readers to voice their opinions respectfully in regards to both the readers and writers of The Daily Californian. Comments are not pre-moderated, but may be removed if deemed to be in violation of this policy. Comments should remain on topic, concerning the article or blog post to which they are connected. Brevity is encouraged. Posting under a pseudonym is discouraged, but permitted. Click here to read the full comment policy.