UC Berkeley officials notified some current and former students and families who may have been affected by a data breach earlier this academic year, the campus announced Thursday.
Campus officials learned of the breach March 14 after a campus server was accessed without authorization in December and again in February. The server is under the management of a unit within UC Berkeley’s Division of Equity and Inclusion and contained information about some students’ finances as well as their social security numbers.
Campus officials estimate that more than 200 current undergraduate students and former students as well as almost 300 parents and other individuals were potentially affected by the breach, as well as many of these students’ family members.
Although there is no evidence that the information has been used, the campus has notified the individuals who were potentially affected in compliance with California law.
Paul Rivers, the campus’ interim chief information security officer, said in an email that this is the university’s second “reportable breach” within the past 12 months. Campus authorities have no reason to believe that the two are related, although investigation into this latest breach remains open, according to Rivers.
Rivers said the cause of this breach was “human error” and that steps are being taken to prevent another breach. But as “the information security landscape has evolved and cybercrime has increased … even the strongest information security protections will never be foolproof,” he said.
The campus took the server offline shortly after the discovery. According to Rivers, the server will stay offline permanently.
Contact Michelle Pitcher and Natchapol Praditpetchara at [email protected].
A previous version of this article listed Amy Jiang as the author. In fact, Michelle Pitcher was the author.