SAN FRANCISCO – University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk the personal information of 160,000 current and former students, alumni and others.
The university said data include Social Security numbers, health insurance information and some medical records dating back to 1999. Personal medical records — such as patient diagnoses, treatments and therapies — were not compromised, officials said.
The databases also included personal information of parents and spouses as well as Mills College students who used or were eligible for Berkeley's health services.
The server breach occurred on Oct. 6, 2008 and lasted until April 9, when campus staff performing routine maintenance found messages allegedly left by the hackers, the school said.
"Evidence uncovered to date suggests that this attack was launched by highly skilled criminal operations based overseas," the school said.
The school contacted campus police and the FBI, and began investigating the cause and scope of the breach.
Former and current students did not receive e-mail notification of the hacks until Friday morning.
The university said it took forensic technology experts until April 21 to figure out which databases were hacked.
"Since then a team of more than 20 people from across the campus have been working seven days a week to determine the exact scope and nature of the breach," the school explained on a Web site set up to answer questions about the incident.
In the interim, university administrators said they have hired an outside Internet security firm to conduct an audit of the school's systems and information security measures.
"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, UC Berkeley's chief information officer. "The campus takes our responsibility as data stewards very seriously.
In March 2005, a thief walked into a UC Berkeley office and swiped a computer laptop containing personal information about nearly 100,000 alumni, graduate students and past applicants. And six months earlier, a computer hacker gained access to UC Berkeley research being done for the state Department of Social Services. The files contained personal information of about 600,000 people.