Ran across a new breach story from the San Francisco Chronicle this weekend that almost slipped under my radar. Reportedly some “overseas” hackers broke into UC Berkeley computer systems and accessed a proverbial “shit ton” of confidential information.
The databases contained 97,000 Social Security numbers, health insurance information and nontreatment medical information, such as immunization records, names of doctors whom people may have seen and dates of medical visits, said Shelton Waggener, UC Berkeley’s associate vice chancellor for information technology and its chief information officer.
Supposedly though, the large number of Social Security numbers were contained in a separate database from the names and medical histories that coincided with them. However, it is unclear whether the “overseas” hackers were able to access both sets of information to match them up and assemble a complete identity.
The hackers, primarily from China and elsewhere in Asia, had access to the information for six months before they were discovered. The breach exposed the records of 160,000 people, of whom 97,000 had Social Security numbers included in the database, officials said.
This is where most of these breach articles lose me. If the people providing the data for this news article honestly aren’t sure about something like the hackers forming a complete identity, how can their IP tracking technology be so rock solid that they are sure the hackers are legitimately from Asia? Just as Asian as 1,000 email accounts “from Asia” costing a kid in New Jersey a few dollars?
Further evidence of the crack security team’s vast knowledge of this incident is evident here:
The hackers broke into the computer system Oct. 9 and were not discovered until April 9, when administrators performing routine maintenance came across an “anomaly” in the system and found taunting messages that had been posted three days earlier, UC said.
I’d prefer not to touch this part because it seems wrong and easy, but what kind of IDS do they have, or what seriously huge log files, to know how this attack happened 6 months later? OK, that is all I’m saying about that.
There are some other people who agree with my line of thought quoted at the end of the article, if you’re interested.