Letters from the University of California, Berkeley, have been sent to students notifying them that servers were breached from September 16 to 26 and that their confidential information has been compromised. The servers housed files including names, social security numbers, credit card numbers, and driver’s licenses.
The school has since engaged with forensic security firms but it is not yet known how many files have been affected.
In the letters sent to affected students, the University said: “we have no evidence that an unauthorized individual has misused your personal information; however, there are some steps you should consider taking to protect yourself.”
California’s data breach notification legislation – California Civil Code 1798:29 and 1798:80 – requires entities that own or license computerized personal information to notify residents of California without unreasonable delay of any data breach that results or could result in the unauthorized acquisition of their unencrypted personal information. If more than 500 individuals have to be notified of a breach, the state’s attorney general must also be notified. Read more about the data breach notification legislation where you live >>
California is known for having some of the toughest privacy laws in the US
Complying with Californian data breach notification legislation can be complex. Implementing and maintaining an information security management system (ISMS) as laid out in the international information security management standard ISO 27001, however, will help organizations achieve compliance with a host of related legislative and regulatory requirements.
Alan Calder, founder and executive chairman of IT Governance and worldwide cyber security expert, commented: “If understood and implemented correctly, ISO 27001 can help to rationalize security expenditure and reduce the impact of cyber crime, while giving a business a competitive edge.”
IT Governance, a specialist in the field of information security, has created a set of ISO 27001 packaged solutions to give US organizations online access to world-class expertise.
Each fixed-priced solution is a combination of products and services that will enable you to implement ISO 27001 at a speed and budget appropriate to your individual needs.
I’m a UC employee. I got the letter today, from a company called C/O ID Experts at PO box 6336 in Portland Oregon. I went through the steps recommended, including placing a fraud alert on my credit file at Equifax, Experian and Trans Union. Then I did a credit check through annualcreditreport.com. And then I signed up with ID Experts as recommended by the letter.
All these entities asked for personal information, address, former address, SS#, DOB, first pet’s name, all that stuff. Its obvious that rather than protect my identity, I was giving my information away, AGAIN, online, to other possibly hackable companies.
UC’s internet options are a leaking sieve.