Cyber Incident Victim: University of California, Berkeley
Date:
Dec 2014
Location:
United States of America
Summary
A cybersecurity incident at UC Berkeley involved unauthorized access to a web server within the Division of Equity and Inclusion, compromising documents containing Social Security numbers, bank account details, and family financial information submitted by students. The breach impacted approximately 260 current and former undergraduate students, along with 290 parents and family members. Upon discovery, the institution immediately isolated the affected server, engaged a digital forensics firm to investigate, and confirmed the scope of exposed data. Notifications were sent to all affected individuals, who were offered complimentary credit monitoring services for one year and resources to detect potential misuse of their information. The unauthorized access occurred during two separate incidents over a multi-month period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 14, 2015, the University of California, Berkeley discovered unauthorized access to a campus web server maintained by its Division of Equity and Inclusion. The server stored sensitive documents containing family financial information submitted by students, including Social Security numbers and bank account details. An investigation by a digital forensics firm determined that unauthorized access first occurred in December 2014, with a separate additional breach occurring in February 2015. The compromised data affected approximately 260 current undergraduate students, some former students, and about 290 parents or family members of the notified students. University officials immediately disconnected the server from the network upon discovery to prevent further unauthorized access.
UC Berkeley initiated notification procedures on April 30, 2015, sending physical letters to all affected individuals and emails to current students. The notifications advised recipients to monitor for potential misuse of their information despite no evidence of actual misuse at the time of disclosure. Interim Chief Security Officer Paul Rivers confirmed the university would provide one year of free credit monitoring services to impacted individuals along with a resource list for detecting suspicious account activity. The breach response adhered to California legal requirements for data breach disclosures. Forensic investigators identified all compromised parties before notifications were issued, completing their analysis between the March 14 discovery and the April 30 notification date. The incident marked another cybersecurity event for the institution following previous breaches.