The University of California at Berkeley sent an e-mail to students on Friday disclosing that hackers had obtained access to secured databases belonging to the university's health services. The databases contained information about current students and alumni as well as spouses of students and, in some cases, parents or guardians whose health insurance information was linked to a student's file.

About 160,000 people were affected by the breach (see below for more information on this number). The stolen data, dating back to 1999, did not include information about diagnoses, treatment or therapy.

The breach began in October 9, 2008 (the hackers actually began probing the system in September) and ended when school administrators discovered hackers in the system on April 9, 2009. That's nearly a month before the school told students about the breach today. The school said it took until April 21 to confirm that information was stolen and what information was involved. The hackers entered through a public web page, through which they gained access to the secured databases. Authorities said the method used for gaining access is still being determined.

A press release about the breach mentions that administrators discovered it only "when campus computer administrators performing routine maintenance identified messages left by the hackers." The hackers had conducted their final theft of data on April 6, after which they left the messages on their way out the door. Administrators found the messages three days later.

At a press conference, school authorities said the messages left behind were taunts the hackers made to the system administrator, bragging about penetrating the system.

Virginia is currently dealing with a ransom demand from a hacker who stole 8 million patient records and 35 million prescriptions from the state's Prescription Monitoring Program. In a message left behind on the web site, the hacker demanded $10 million by Thursday of this week in exchange for him not selling the data to others.

The stolen data from UC Berkeley included some 97,000 Social Security numbers (only 160,000 of them were tied directly to names in the database but officials have notified all 97,000, since hackers might have been able to map the numbers to names and other information stored in separate databases), and possibly information related to health insurance coverage, immunization history, school medical record numbers for students who withdrew from the university for health reasons, dates of visits or names of providers seen, or for participants in the Education Abroad Program, certain information from the self-reported health history that students provided for the program.

Forensic investigators have resolved IP addresses used for the ongoing theft to Asia. Authorities identified China as one of the locations, though, as Wired readers know, this doesn't mean this is where the attacks originated.