University of California, Irvine

The University of California, Irvine experienced a data breach reported on **May 14, 2014**, involving unauthorized access to its systems. The breach occurred due to computers being infected with a **keystroke logger** between **February 14 and March 27, 2014**, which potentially compromised **personal and unencrypted medical data** of individuals. The exact number of affected individuals remains **unknown**, raising concerns about the exposure of sensitive health information. The attack method suggests a targeted intrusion aimed at harvesting confidential data, likely through malicious software designed to capture keystrokes—including login credentials, medical records, or other personally identifiable information (PII). The breach underscores vulnerabilities in the university’s cybersecurity defenses, particularly in protecting high-risk data like medical records, which are subject to strict regulatory protections (e.g., HIPAA). The incident highlights the risks of **unauthorized data access** in academic institutions handling sensitive information, with potential long-term repercussions for trust, legal compliance, and individual privacy.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-45106

TPRM report: https://www.rankiteo.com/company/uc-irvine-medical-center

"id": "uc-013091825",
"linkid": "uc-irvine-medical-center",
"type": "Breach",
"date": "2/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Higher Education',
                        'location': 'Irvine, California, USA',
                        'name': 'University of California, Irvine',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Keystroke Logger (Malware)',
 'data_breach': {'data_encryption': 'No (Data was unencrypted)',
                 'data_exfiltration': 'Potential',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (Unencrypted Medical Data)',
                 'type_of_data_compromised': ['Personal Information',
                                              'Medical Data']},
 'date_detected': '2014-03-27',
 'date_publicly_disclosed': '2014-05-14',
 'description': 'The California Office of the Attorney General reported a data '
                'breach by the University of California, Irvine on May 14, '
                '2014. The breach involved unauthorized access to computers '
                'infected with a keystroke logger between February 14 and '
                'March 27, 2014, potentially affecting personal information '
                'for individuals, including unencrypted medical data. The '
                'number of individuals affected is unknown.',
 'impact': {'data_compromised': ['Personal Information',
                                 'Unencrypted Medical Data'],
            'identity_theft_risk': 'Potential',
            'systems_affected': ['Computers']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'University of California, Irvine Data Breach (2014)',
 'type': 'Data Breach'}