I picked up the following from SC Magazine:
University College Berkeley hit by second data breach in six months
The standout here is the quote:
“…a website hacker may have had access to their social security numbers and birthdates.”
This could simply be sloppy reporting, but if it is true that someone accessed the PII via the Journalism School website then this is a fundamental architecture flaw and probably a rookie information security mistake.