A hacker broke into the University of California, Berkeley computer system holding financial data of 80,000 students, alumni, current and former employees, school officials said Friday.
The university said that although there is no evidence that any information has been stolen, it has notified potential victims of the breach so they can watch for signs of possible misuse of their personal data.
Those notified include students and staff who received non-salary payments though electronic fund transfers, such as financial aid awards and work-related reimbursements. Vendors whose financial information was in the system for payment purposes are also at risk.
The hack occurred in December right after Christmas and just as UC Berkeley was in the middle of patching a security flaw in the financial management system.
“We (looked) at all the available evidence of what the attackers did, and as we looked at that, we don’t see any evidence that these are the kinds of attackers that did access the data, or did anything to take that data,” Paul Rivers, UC Berkeley’s chief information security officer, told reporters, according to SF Gate.
“However, in an abundance of caution, we don’t want to depend on our judgment alone,” he added. “We want to be transparent and (let people) make their own choice on how they should respond.”
The SF Gate reported this cyberattack is the third-largest breach affecting the school in years and shows how difficult it is to protect academic institutions.
Rivers said part of the difficulty with protecting the school is the fact officials can’t close if a major breach happens. He said he can’t treat network security on campus like it was a bank or tech company.
The FBI was notified and the flaw has been patched.
Rivers added that the school needs to work faster on getting its security system fixed. He didn’t offer a timeframe or a plan on when the security patches would take place.
The Associated Press contributed to this report.