We want to let you know that today the campus is sending notification letters and emails to members of our community to inform them of a computer breach that resulted in the theft of personal information from databases in our University Health Services, UHS, area.
The victims of this crime are current and former students, as well as their parents and spouses if linked to insurance coverage, who had UHS health care coverage or received services. We are also sending notification letters to Mills College students who received, or were eligible to receive, healthcare on the UC Berkeley campus.
We sincerely regret and apologize for any difficulty this theft may create for individuals who may have had their personal information exposed. We have alerted campus police detectives and the FBI, and are doing all that we can to investigate this crime. All of the exposed databases were immediately removed from service to make sure that they would be completely protected from any future attacks.
Those individuals directly affected by the theft will receive letters with detailed information on steps that they can take to protect their credit and identity. We have launched a dedicated web site, http://datatheft.berkeley.edu/ that contains detailed information for affected individuals, the media and the general public. In addition a Data Theft Hotline, 888-729-3301 will be operating 24 hours a day, 7 days a week to answer questions from affected individuals.
UC Berkeley computer administrators determined on April 21 that electronic databases in UHS had been breached and data stolen by overseas criminals. The databases stored personally identifiable information used for billing such as Social Security numbers, and non-treatment medical information such as immunization history, UHS medical record numbers, dates of visits or names of providers seen, or for participants in the Education Abroad Program, certain information from the self-reported health history.
Please be assured that UHS electronic medical records, which include details of patients diagnoses~, treatments and therapies, are stored in a separate system and were not affected in this incident.
To ensure that we fully understand the nature of the security breach and to determine the steps that we can take to minimize the risk of a reoccurrence, the university has hired an outside auditor, Price Waterhouse Coopers, to support our ongoing investigation of the incident. The campus is committed to implementing recommendations that address the root causes of this security breach.
Associate Vice Chancellor
Health and Human Services
Associate Vice Chancellor & CIO
Information Services & Technology