Hackers Hit California With Massive ID Theft

Computerworld - The state of California has warned residents that personal data may have been stolen from the University of California, Berkeley, after hackers hit a research database there.
The California Department of Social Services (CDSS) stated last week that the agency is working with the FBI to investigate the intrusion.
The incident involved a computer that contained personal information on about 1.4 million recipients and providers participating in the CDSS's In-Home Supportive Services (IHSS) program, which provides home-care services to low-income elderly and disabled Californians. Names, addresses, telephone and Social Security numbers, and the birth dates of IHSS participants may have been stolen, said Carlos Ramos, assistant secretary at the CDSS. The data could be used to fake the identities of clients.
The state agency gave the university the data to conduct research on the IHSS program. The compromise occurredon Aug. 1 and was discovered on Aug. 30 by UC Berkeley IT staffers using intrusion-detection software, Ramos said. Investigators said a hacker exploited a vulnerability in "commercially available database software," but they don't know whether the attack was targeted.
A database of personal information on people who may lack the technical sophistication to defend themselves against identity theft and are unaware that a database stores their data would be an attractive target for thieves, said Jonathan Bingham, president and founder of Intrusic Inc., a Waltham, Mass.-based maker of software for spotting suspicious network activity.
Without adequate forensic information, investigators face a daunting task in reconstructing the intrusion and determining whether the IHSS database was compromised, let alone finding the culprits.
Meanwhile, the CDSS asked UC Berkeley to return the IHSS data and will investigate whether the researcher adhered to an agreement to protect personal information.
Roberts is a reporter for the IDG News service.