ÃÛÌÒÓ°ÏñAV is notifying individuals whose information may have been involved in a cybersecurity incident.
In July of 2022 ÃÛÌÒÓ°ÏñAV (ÃÛÌÒÓ°ÏñAV) suffered a cyberattack from an unauthorized third party that resulted in systems and servers being inoperable for a limited time. Immediately upon identifying the incident, ÃÛÌÒÓ°ÏñAV engaged third-party cybersecurity experts to assess, contain, and remediate the incident. Law enforcement was also notified.
Through its ongoing investigation, ÃÛÌÒÓ°ÏñAV recently has learned that the unauthorized party obtained some personal identifiable information of current and prior students and employees and others with information held on the university’s systems. The following categories of information may have been exposed to the unauthorized party during the compromise: Name, Address, Social Security Number, Driver’s License/State ID Number, and Passport Number. Notably, the types of information affected varied by individual, and not every individual had every element exposed.
While the university is not currently aware of any fraud or identity theft related to the incident, ÃÛÌÒÓ°ÏñAV has sent written notification to the individuals whose personal information was included in the involved documents. Affected individuals should refer to the notice they will receive in the mail regarding steps to protect themselves. As described in those letters, ÃÛÌÒÓ°ÏñAV has arranged for complimentary identity theft protection services for those individuals whose names and Social Security numbers were involved in the incident.
As a precautionary measure, individuals should promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. This notification was not delayed due to a law enforcement investigation. Affected individuals may also wish to review advice provided by the Federal Trade Commission (FTC) on fraud alerts, security/credit freezes, and steps that they can take to avoid identity theft. For more information and to contact the FTC, individuals can visit ftc.gov/idtheft or call 877-ID-THEFT (877-438-4338). Affected individuals may also contact the FTC at Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.
Contact information for the three national credit reporting agencies is as follows:
Equifax
800-349-9960
www.equifax.com
P.O. Box 105788
Atlanta, GA 30348
Experian
888-397-3742
www.experian.com
P.O. Box 9554
Allen, TX 75013
TransUnion
800-888-4213
www.transunion.com
P.O. Box 1000
Chester, PA 19016
The security and privacy of the information contained within its systems is a top priority for ÃÛÌÒÓ°ÏñAV. In response to this incident, ÃÛÌÒÓ°ÏñAV implemented additional safeguards and employee training related to cybersecurity. Further, the university is working with its external legal and cybersecurity experts to improve its cybersecurity policies, procedures, and protocols to help minimize the likelihood of this type of incident from occurring again.
Individuals with questions can contact a dedicated, toll-free call center available at 833-753-4675 Monday through Friday, between 8 a.m. and 8 p.m. Central time.