Hacking incident on J-school Web server triggers notices to affected applicants
| 11 August 2009
BERKELEY — University of California, Berkeley, officials announced today (Tuesday, Aug. 11) that the campus will be notifying approximately 490 individuals of a computer security incident involving the Graduate School of Journalism.
Campus officials discovered during a computer security check that a hacker had gained access to the journalism school's primary Web server. The server contained much of the same material visible on the public face of the Web site. However, the server also contained a database with Social Security numbers and/or dates of birth belonging to 493 individuals who applied for admission to the journalism school between September 2007 and May 2009.
Although there is no evidence that the intruder stole or even viewed information from the database containing the Social Security numbers, it is possible that such action could have occurred, campus computer security experts said. Consequently, UC Berkeley decided to err on the side of caution and notify the 493 student applicants of the incident. Letters are being sent out this week from the journalism school.
"We know that even the possibility of having data accessed by a computer hacker is disturbing, and the campus regrets that this incident has occurred," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology and its chief information officer. "The university is conducting an independent review and assessment of our overall IT security strategy and will redouble our efforts to prevent hackers from accessing our networks."
Campus computer security experts first learned of a potential problem via a Web site in which an individual claimed to have hacked into the journalism school's Web server. Subsequent investigation by the Graduate School of Journalism provided sufficient evidence to support the claim. Campus and journalism school officials have completed a careful analysis of the journalism school's computing systems and are preparing materials to notify affected students this week. The server in question has been fully scanned for vulnerabilities, any issues have been remediated, and it is now back in service.
Any students who applied to the Graduate School of Journalism between 2007 and 2009 and provided valid Social Security numbers will be receiving letters.