UC data breach leaks students’ personal information to dark web

Image: Experian credit monitoring tools (Antonio Martin/Staff)
Following the UC system's announcement that it was affected by a nationwide cyberattack, many students have reported their personal information being found on the dark web. This information includes Social Security numbers, phone numbers, email addresses and home addresses.

On March 31, the UC system announced that it was one of 300 organizations affected by a nationwide cyberattack on Accellion’s File Transfer Appliance, a vendor service used for “transferring sensitive information.”

Following the announcement, many students have reported their personal information being found on the dark web. The stolen information included Social Security numbers, email addresses, phone numbers and home addresses. 

“We are working with federal law enforcement and external cybersecurity experts to investigate this incident,” said Stett Holbrook, spokesperson for the UC Office of the President. “In the meantime, we have notified the UC community and offered one year of complimentary credit monitoring and identity theft protection.”

Campus alumna Lauren Miller, who formerly worked at The Daily Californian, alleged that her Social Security number, phone number, email address and home address were found on the dark web. Miller also claimed that her parents’ personal information was accessed.

Miller said she learned about the breach through her bank and her sister, who is currently studying law at UCLA, rather than through the university. Other alumni have not received any official communication from the university, according to Miller.

The yearlong complimentary credit monitoring is not enough for Miller, who believes the university should also “offer reparations” for problems that may occur, including identity theft.

“In the event that any sort of actual theft occurs … (the university should pay) for any ensuing litigation that students, alumni and other affiliates might need,” Miller said. “If people can prove that the university is responsible for their data being stolen, I think that the university should pay the price.”

Nicholas Weaver, a campus lecturer in the department of electrical engineering and computer science, created a service to find stolen data. Weaver offered the service to his students before he was informed he could not do so, according to a Piazza post from Weaver.

Weaver said it would be a “straightforward software engineering effort” for the UC system to provide such a search service.

Jessica Lindgren, a UC Berkeley student who works as a residence hall security monitor, said she appreciates the complimentary monitoring service. Lindgren added that the service allowed her to set up a system where extra security would be necessary before anyone can use her information.

Lindgren hopes the university will continue to send emails informing students of the proper next steps to help those who may not understand what the data breach means for them.

“The privacy of our community and the security of UC data are of paramount importance to the University,” Holbrook said. “UC will continue to work with law enforcement and provide updates once we are able to disclose additional details of this ongoing investigation.”

Contact Christopher Ying at [email protected] and follow him on Twitter at @ChrisYingg.