UC Berkeley notice the breach in September 2014, after which it removed the affected servers from the network. Thereafter UC Berkeley began reviewing the data stored on the servers to look for personal information. The search for personally identifiable information concluded the week of November 17, 2014, and notification letters were mailed starting December 12, 2014. After identifying the people whose personal information may have been compromised, UC Berkeley sent out emails to the affected people. It also issued a statement on its website mentioning the same. “Because the compromised servers contained such a large volume of data, an outside firm was brought in to lead the search for any personally identifiable information on the servers,” the statement says. “We understand that it’s disturbing to learn that your Social Security number or credit card number may have been exposed to hackers, and we truly regret that this has occurred,” UC Berkeley interim chief security officer Paul Rivers said in a statement. “We are encouraging those affected to take advantage of the free credit monitoring service that the university is offering to those impacted by the breach.” All those affected are being offered one free year of credit protection services from ID Experts.