Break-In Compromises 160k Medical Records At UC Berkeley 167
nandemoari writes "Hackers have reportedly infiltrated restricted computer databases at the University of California Berkeley, putting the private data of 160,000 students, alumni, and others at risk. According to UC Berkeley, computer administrators determined on April 9, 2009 that electronic databases in University Health Services had been breached by overseas criminals. The breakins began in October 2008. Information contained on the breached databases included Social Security numbers, health insurance information, and non-treatment medical information such as records of immunization and names of treating physicians."
Old Story (Score:5, Informative)
http://www.wired.com/threatlevel/2009/05/uc-berkeley-suffers-breach-of-student-health-data/ [wired.com]
The email informing students of the breach was sent on May 8th. It was all over the news last Friday.
Re:And... (Score:2, Informative)
Re:Duh.. (Score:5, Informative)
The next battle, as I understand it, will be trying to sign up for an iPhone without giving an SSN. I've heard it can be done, but, sometimes take a number of tries before finding the salesperson/mrg that will do it.
It's got to do with a credit check. You need to surrender your SSN for the normal credit check, and they use the results to determine your deposit. Very few companies will do an alternate (less informative/reliable) check that does not require your ssn.
Without the credit check, you can still get a phone, 100% of the time. You will just have to pay a very large deposit, the largest possible for people that have horrible credit. Anyone that tells you that your ssn is required to get an iPhone is out of touch with reality.
This is true of any of the places that are not authorized by law to require your ssn. So same applies to the others that are often brought up, such as utilities, and pretty much always applies to calculation of a deposit or interest rate.
Re:Auditing Logs (Score:3, Informative)
Part of my daily duties as a systems administrator was auditing connection logs for odd behavior. Don't admins do that anymore?
A lot of that is left up to parsing scripts, interns, or just ignored. Plus, "Odd" is relative. If one of your people is overseas in China, and his VPN account logs in from China IPs at odd times of the day, it could be normal. Until it logs in twice at the same time or after he comes home, you won't notice.
Re:Who could benefit from this medical info? (Score:2, Informative)
Re:Old Story (Score:2, Informative)
Re:Old Story (Score:3, Informative)
Here is the text of the email that was send out to the Berkeley community.
Re:H-1b Visa Use at UC Berkeley (Score:2, Informative)
Are you serious? They're not trying to save a few bucks on the support staff -- that's what students are for. They have a large number of international employees because they hire researchers, lecturers, and professors from overseas to promote the exchange of ideas across cultures. Since that is, you know, the entire point of a university.
It is you that should be investigated for criminal dipshittery.