University College Berkeley in California has been hit by a second data breach in less than a year.
The San Francisco Chronicle reported that the university notified 493 applicants to its Graduate School of Journalism that a website hacker may have had access to their social security numbers and birthdates.
University officials discovered the problem in early July after noticing someone bragging on a hackers' website about accessing the journalism school site. Letters went out on Tuesday to those who applied to the journalism school between September 2007 and May 2009, said university officials, who emphasised that there is no evidence that any personal information was stolen or even viewed.
Shelton Waggener, UC Berkeley's associate vice chancellor for information technology, said: “We know that even the possibility of having data accessed by a computer hacker is disturbing, and the campus regrets that this incident has occurred.”
Around 160,000 students and university employees were notified of a breach at the university in May, when hackers broke into restricted computer databases in the campus health-services centre. In that incident the server breach began on 9th October last year and continued until 9th April, when administrators performing maintenance identified messages left by the hackers.
Steve Moyle, co-founder and CTO at Secerno, said: “These two attacks point to the attraction that universities hold for hackers. Every university requires personal data as part of the application process, and hackers know that these locations guarantee some amount of valuable data. Unlike financial services companies or many retailers, universities lack the most sophisticated data protection measures. They also do not have compliance standards for data housing, making them uniquely attractive to hackers.
“We have entered a world in which personal data is always at risk from hackers who will grab and sell it for profit. Retailers and financial institutions have felt the pain of protection in this environment, and they have the latest technology as well as compliance measures for protection. What will universities do, since they do not have the same financial resources?”