A computer hacker gained access to at least 600,000
Californians’ Social Security numbers that were on a UC
Berkeley professor’s computer, officials said Wednesday.
Berkeley officials said they were first informed of the breach
on Sept. 17. The computer violation was one of the largest in their
school’s history.
“We have no way of knowing if the data was copied,”
said George Strait, a spokesman from Berkeley. “We know that
someone went in there and looked at it.”
Reuters and other news agencies reported Wednesday that 1.4
million names and social security numbers had been accessed by the
hacker.
Strait said that number was an overestimate and included
duplicates.
Strait also said Berkeley’s investigation showed that only
social security numbers and medical conditions ““ not names or
addresses ““ were accessed by the hacker.
The hacker has not been arrested, and Strait said they are
extremely difficult to find, as many hackers have sophisticated
ways of covering their tracks.
“It’s very unlikely that we’ll ever find out
who did this,” Strait said.
Candace Howes, a visiting scholar from Connecticut College,
received the sensitive information from the state Health and Human
Services Agency in 2001 to conduct research into the best way to
deliver care to home-bound patients.
The breach at Berkeley is having a direct effect on UCLA
researchers using similar information.
Ruth Matthias, a researcher at UCLA, is directing a program to
help retain home care workers.
Since the intrusion, Matthias said she has been asked by the
state not to conduct any work that would use social security
numbers.
Matthias said the state’s request will likely cause slight
delays and that it is too early to see if it will have a major
effect on her project.
UCLA and Berkeley both received information from the health and
human services agency to research In-Home Supportive Services for
the elderly and challenged.
Identity theft has been an issue in recent years, and
universities across the state have had some problems keeping hold
of sensitive information.
UC San Diego announced in May that it was notifying past and
present students, applicants, faculty and staff that hackers had
gained access to around 380,000 names, social security and
driver’s license numbers.
A laptop computer containing similar information for 145,000
blood donors was also stolen from a UCLA van in Compton in November
2003.
Despite the laptop theft last year, Kent Wada, director of
UCLA’s information technology policy, said the university has
not had an incident quite as severe as Berkeley’s and that
UCLA is doing numerous things to keep confidential files safe.
Informing the public is one thing Wada said can help prevent
incidents. A letter was sent to all faculty and staff on June 10
about the importance of maintaining confidentiality.
Wada said the university is also making sure that they are not
keeping any secret information that isn’t necessary to
conduct research and, when possible, they have tried not to
replicate the data.
Electronic barriers such as firewalls and anti-virus software
are also being used to block hackers, Wada said.
Matthias said she is not sure how the information at Berkeley
was accessed and that her project has taken extra precautions to
keep the data safe.
The data is kept in secure rooms, computers with confidential
information are not hooked up to the internet and confidential data
is never put on laptops, Matthias said.