More than 160,000 people's personal information-including Social Security numbers-was stolen by hackers from the University Health Services online databases over a six-month period, campus officials said Friday.

Of the total number of people the campus has contacted, 97,000 have had their Social Security numbers compromised, said Shelton Waggener, associate vice chancellor of information services and technology.

The security breach makes students who have given information to health services- and in some cases their parents-vulnerable to identity theft, said Steve Lustig, associate vice chancellor of health and human services.

"We have records on all students, whether or not they've used the health center," he said.

Students are required to provide documentation of comparable insurance in order to waive the campus' Student Health Insurance Plan. Because this includes parents' information, family members of students may also have been compromised.

The campus is working with the FBI and UCPD to investigate the breach.

The breach affects all students, alumni and individuals who have been affiliated with health services since 1999. About 3,400 Mills College students who have used health services since 2001 are also at risk.

No medical or financial information was breached, Lustig said.

Because Social Security numbers, names and other data were in separate databases, it may be difficult for hackers to match the information and successfully steal one's identity, Waggener said. Not everyone may be at serious risk for identity theft, he added.

"Imagine, if you will, a deck of cards, and you identify that the deck of cards has been stolen," he said. "We're not 100 percent certain that every one of the 52 cards are stolen, but there are enough cases for us to believe that this a serious breach."

Sophomore Katreena Delgado said the breach is very concerning.

"It's really bothersome because you give them all your information and expect it to be confidential," she said. "It's even more disturbing that they did it for six months without being caught."

The hackers, who have been

determined to be operating from Asian countries including China, entered the system through public access points and then broke through secure areas to access the databases, Waggener said.

The hacks seem to have started in October and were disguised as regular system operations. It was not until the hackers left "taunting messages" to system administrators that the hacks were noticed, Waggener said.

The messages were left on April 6 but found on April 9, and the databases were subsequently taken offline. By April 21, security experts confirmed sensitive personal data was in fact stolen, and campus officials began to determine who was affected and started to plan to alert them, Waggener said.

"We're talking about millions of rows of information, most of which is completely innocuous," he said. "We had to do an analysis."

This security breach is not the first to occur in recent years.

In 2004, a hacker broke into a UC Berkeley computer that contained nearly a million Social Security numbers of California residents. In 2005, a laptop with Social Security numbers was stolen from Sproul Hall.

Officials are urging those affected by the breach to check their credit reports and call the campus's hotline at 888-729-3301 to see whether their Social Security numbers were compromised.

Katie Meyer of The Daily

Californian contributed to this report.

Tags: UNIVERSITY HEALTH SERVICES