The intrusion occurred last October and remained undetected until early this April, when campus computer administrators discovered it during routine performance maintenance, the university .
Evidence uncovered by investigators so far suggests that the attackers took advantage of a vulnerability in a public-facing Web application to gain access to multiple databases hosted on the same server, including the one containing the sensitive information, the university said.
Those impacted by the breach are current and former UC Berkeley students who had university health care coverage or received health services. Also impacted were parents and spouses of these indviduals if their names had been linked to the insurance coverage, it said.