UC Berkeley breach exposed personal data

University of California at Berkeley officials notified 1,600 people this week that their personal data might have been hacked.

The information, accessed on the campus’ Real Estate Division, includes around 1,300 Social Security numbers and around 300 credit card numbers belonging to current and former campus employees and some individuals who have done business with the division, according to university officials.

The data covers a period between the early 1990s and May 2014. There is no evidence the data has actually been downloaded and used, but the university is notifying potential victims in compliance with state law.

The university is offering free credit monitoring to everyone affected, according to a statement from Paul Rivers, the university’s interim chief information security officer:

“We understand that it’s disturbing to learn that your Social Security number or credit card number may have been exposed to hackers, and we truly regret that this has occurred.”

The university learned of the breach in September and conducted a review determining what personally identifiable information was affected. That review concluded Nov. 17 and the process of notifying affected individuals began Friday.

The Real Estate Division has taken steps since the breach was discovered to improve security, officials said.