If you're a current or former University of California, Berkeley student, and have taken advantage of the on-campus health services at some point in the past ten years, you may want to check your credit report. The university today announced that it has discovered a massive data theft involving 160,000 current and former UC Berkeley students.
The theft involves records stolen from UC Berkeley's University Health Services. No records involving treatment at the on-campus clinics were stolen, but the thieves made off with important personal data including names, birthdates, student identification numbers, and social security numbers, as well as some health information such as immunization records. Anyone who has used the university's on-campus health services and clinic since 1999 may be impacted, as well as their parents and spouses. California state law requires that health records be kept for at least seven years, and the university's policy is to keep such records for ten years.
This data theft went on for six months, from early October 2008 until early April 2009. The breached databases have since been taken offline and will remain down until the university has identified and fixed the breach. UC Berkeley has set up both a hotline (1-888-729-3301) and a Web site with information for those who may have been affected by this data theft. It is also notifying potential victims via e-mail and letters, but if your contact information has changed, be sure to give them a call.
This is not the first time UC Berkeley has had data theft issues. In 2005, a laptop containing personal information for 98,000 graduate students went missing. The laptop was later recovered.
This breach strikes me personally because as a Berkeley graduate, I know several people who have been affected by this breach. Unfortunately there's little we as individuals can do to prevent this sort of data breach, but you can mitigate the damage and keep tabs on your financial and personal information. As always, stay vigilant.