The University of California at Berkeley started warning students and alumni on Friday that online thieves infiltrated the school's restricted servers and stole medical records on more than 160,000 individuals.

The database exposed by the breach held information on UC Berkeley's students, alumni and staff, including health insurance information and Social Security numbers, the university said in a statement. The breach lasted from October 9, 2009 to April 9, 2008, when campus administrators performing maintenance on the systems detected the intrusion. Early evidence uncovered in the investigation suggests the attack came from overseas and accessed the secured databases by compromising a public Web site run on the same server.

"The university deeply regrets exposing our students and the Mills community to potential identity theft," Shelton Waggener, UC Berkeley's associate vice chancellor for information technology, said in the statement. "We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks."

The breach is not the first time that UC Berkeley has had to deal with a massive data loss. In 2004, California's Health and Human Services Agency announced that up to 1.4 million people may have had their records stolen from a database stored on a school computer. The University of California at Los Angeles told students and others that hackers had stolen as many as 800,000 records containing Social Security numbers, dates of birth, home addresses and contact information. While quite a few colleges have suffered large breaches, intrusionsinto payment-processor networks over the past few years have dwarfed those losses.

The data stolen from UC Berkeley includes health data of the school's students and alumni — and their parents or spouses, in many cases — who received benefits through University Health Services as well as approximately 3,400 studentsof Mills College in Oakland, Calif., who were eligible to receive benefits.

If you have tips or insights on this topic, please contact SecurityFocus.