The California Office of the Attorney General disclosed a data breach at the **University of California, Berkeley (UC Berkeley)** on **February 26, 2016**, stemming from an unauthorized access incident on **December 28, 2015**. The breach targeted components of UC Berkeley’s **financial system**, compromising sensitive personal and financial data. Exposed information included **names, Social Security numbers (SSNs), and bank account numbers** of approximately **1,000 individuals**, primarily students, faculty, or staff associated with the university. The breach posed significant risks, as SSNs and bank details are high-value targets for identity theft, financial fraud, and phishing attacks. While the exact method of intrusion was not detailed, the exposure of such data could lead to long-term repercussions for affected individuals, including unauthorized credit applications, tax fraud, or direct financial losses. UC Berkeley likely faced reputational damage, potential regulatory scrutiny (e.g., under **California’s data breach notification laws**), and costs associated with remediation, such as credit monitoring services for victims. The incident underscored vulnerabilities in the university’s cybersecurity posture, particularly in safeguarding financial systems against external threats. No evidence suggested the data was used maliciously post-breach, but the sheer sensitivity of the exposed information elevated the severity of the event.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-60237
TPRM report: https://www.rankiteo.com/company/university-of-california-berkeley
"id": "uni025091825",
"linkid": "university-of-california-berkeley",
"type": "Breach",
"date": "12/2015",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,000',
'industry': 'Higher Education',
'location': 'Berkeley, California, USA',
'name': 'University of California, Berkeley',
'type': 'Educational Institution'}],
'customer_advisories': 'Security notification issued to affected individuals',
'data_breach': {'number_of_records_exposed': '1,000',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2015-12-28',
'date_publicly_disclosed': '2016-02-26',
'description': 'The California Office of the Attorney General reported a data '
'breach at the University of California, Berkeley, on February '
'26, 2016. The breach occurred on December 28, 2015, when an '
'unauthorized person accessed components of the UC Berkeley '
'financial system, potentially exposing names, Social Security '
'numbers, and bank account numbers of individuals. '
'Approximately 1,000 individuals are estimated to be affected '
"based on the security notification's context.",
'impact': {'data_compromised': ['names',
'Social Security numbers',
'bank account numbers'],
'identity_theft_risk': 'High (PII exposed)',
'payment_information_risk': 'High (bank account numbers exposed)',
'systems_affected': ['UC Berkeley financial system']},
'initial_access_broker': {'high_value_targets': ['financial system']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Security notification issued'},
'threat_actor': 'Unauthorized person',
'title': 'Data Breach at University of California, Berkeley',
'type': 'Data Breach'}