daily californian logo

BERKELEY'S NEWS • JUNE 02, 2023

Apply to The Daily Californian!

UC data breach leaks students’ personal information to dark web

article image

ANTONIO MARTIN | STAFF

Following the UC system's announcement of it being affected by a nationwide cyberattack, many students have reported their personal information being found on the dark web. This information includes Social Security numbers, phone numbers, email addresses and home addresses.

SUPPORT OUR NONPROFIT NEWSROOM

We're an independent student-run newspaper, and need your support to maintain our coverage.

|

Senior Staff

APRIL 27, 2021

On March 31, the UC system announced that it was one of 300 organizations affected by a nationwide cyberattack on Accellion’s File Transfer Appliance, a vendor service used for “transferring sensitive information.”

Following the announcement, many students have reported their personal information being found on the dark web. The stolen information included Social Security numbers, email addresses, phone numbers and home addresses. 

“We are working with federal law enforcement and external cybersecurity experts to investigate this incident,” said Stett Holbrook, spokesperson for the UC Office of the President. “In the meantime, we have notified the UC community and offered one year of complimentary credit monitoring and identity theft protection.”

Campus alumna Lauren Miller, who has formerly worked at The Daily Californian, alleged that her Social Security number, phone number, email address and home address were found on the dark web. Miller also claimed that her parents’ personal information was also accessed.

Miller said she learned about the breach through her bank and her sister, who is currently studying law at UCLA, rather than through the university. Other alumni have not received any official communication from the university, according to Miller.

The yearlong complimentary credit monitoring is not enough for Miller, who believes the university should also “offer reparations” for problems that may occur, including identity theft.

“In the event that any sort of actual theft occurs … (the university should pay) for any ensuing litigation that students, alumni and other affiliates might need,” Miller said. “If people can prove that the university is responsible for their data being stolen, I think that the university should pay the price.”

Nicholas Weaver, a campus lecturer in the department of electrical engineering and computer science, created a service to find stolen data. Weaver offered the service to his students before he was informed he could not do so, according to a Piazza post from Weaver.

Weaver said it would be a “straightforward software engineering effort” for the UC system to provide such a search service.

Jessica Lindgren, a UC Berkeley student who works as a residence hall security monitor, said she appreciates the complimentary monitoring service. Lindgren added that the service allowed her to set up a system where extra security would be necessary before anyone can use her information.

Lindgren hopes the university will continue to send emails informing students of the proper next steps to help those who may not understand what the data breach means for them.

“The privacy of our community and the security of UC data are of paramount importance to the University,” Holbrook said. “UC will continue to work with law enforcement and provide updates once we are able to disclose additional details of this ongoing investigation.”

Contact Christopher Ying at [email protected] and follow him on Twitter at @ChrisYingg.
LAST UPDATED

APRIL 27, 2021


Related Articles

featured article
Following a nationwide cyberattack targeting the UC system and hundreds of other organizations, a panel of experts discussed identity theft protection and resources at a UC Berkeley town hall Thursday.
Following a nationwide cyberattack targeting the UC system and hundreds of other organizations, a panel of experts discussed identity theft protection and resources at a UC Berkeley town hall Thursday.
featured article
featured article
During the ASUC’s general meeting Wednesday, senators and executive officials discussed the data breach and pass/no pass grading policies.
During the ASUC’s general meeting Wednesday, senators and executive officials discussed the data breach and pass/no pass grading policies.
featured article
featured article
One of the hundreds of organizations targeted by a nationwide cyberattack, the UC released updates on the incident and guidelines for its community to protect personal information. 
One of the hundreds of organizations targeted by a nationwide cyberattack, the UC released updates on the incident and guidelines for its community to protect personal information. 
featured article