UNF student identities may be compromised

The University of North Florida in Jacksonville admitted today, without disclosing specific details, that there is a possibility that the confidential identification information of students who submitted contracts to live in the residence halls between 1997 and spring 2011 may have been compromised.

“While the investigation did not turn up any evidence that any specific information was copied from the files, it is a possibility,” a representative for the university told reporters.

The potentiality that a breach actually did occur was sufficient to induce the school to send letters and e-mails to approximately 23,000 current and former students; whose name, social security number, and other possible identifying information is kept in the database.

The university says that they have now “secured the servers”, but an investigation shows the information could have been accessed as early as spring 2011.

UNF recognized that those impacted will have many questions. They provided this list of “frequently asked questions” to Historic City News:

  • A person (or persons) unlawfully gained access to a database containing confidential information. In the world of computer security, these types of people are identified as “intruders.” While we have no proof that confidential information was stolen, the University is taking the precautionary measure of distributing a letter and e-mail notification to those individuals whose information was in the database, so that they can take appropriate steps.
  • This breach involved names and Social Security numbers.
  • At this point, we do not know who this intruder is, but law enforcement is investigating. This is an ongoing investigation, and the cause and intent has yet to be determined.
  • UNF collects a variety of information as part of the housing contract in-take process and through student use of the residential portal known as myHousing. This information is used by the Housing office to make on-campus housing decisions for current and in-coming students, as well as to manage the daily operation of on-campus housing.
  • It is possible that the intruder could commit identity theft and then credit fraud. To learn more about identity theft, go to www.ftc.gov/idtheft/.
  • No. In similar cases at other institutions, people have reportedly been contacted by individuals claiming to represent the University who then proceed to ask for personal information, including Social Security numbers. Please be aware that UNF will only contact you about this incident if additional helpful information becomes available. We will not ask for your full Social Security number. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.
  • Not necessarily. At this point in the investigation, we do not have proof that someone stole the information, only that someone could have accessed the information.
  • The servers involved in this incident have been secured. The University is taking precautions to minimize future security risks.
  • UNF is covering the cost of a one-year membership of Experian’s ProtectMyIDTM Alert. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. Those impacted by the breach need to enroll by Sept. 30, 2012. The website, phone number and personal activation code for those impacted is included in the e-mails and letters sent out. If you were impacted by the breach and enroll in the ProtectMyID membership, your credit report will be monitored daily for 50 leading indicators of identity theft. You’ll receive timely Credit Alerts from ProtectMyID on any key changes in your credit report, which could include new inquiries, new credit accounts, medical collections and changes to public records. ProtectMyID provides you with identity protection that will help detect, protect and resolve potential identity theft. In the case that identity theft is detected, ProtectMyID will assign a dedicated U.S.-based identity theft resolution agent who will walk you through the process of fraud resolution from start to finish. We realize that identity theft can happen months and even years after a data breach. To offer added protection, you will receive ExtendCARETM, which provides you with the same high-level of Fraud Resolution support even after your ProtectMyID membership has expired.

    The 12-month ProtectMyID membership includes:

    1. Credit Report: A free copy of your Experian credit report.
    2. Daily 3 Bureau Credit Monitoring: Alerts you of suspicious activity including new inquiries, newly opened accounts, delinquencies, or medical collections found on your Experian, Equifax and TransUnion credit reports.
    3. Identity Theft Resolution: If you have been a victim of identity theft, you will be assigned a dedicated, U.S.-based Experian identity theft resolution agent who will walk you through the fraud resolution process, from start to finish.
    4. ExtendCARE: Full access to the same personalized assistance from a trained fraud resolution agent even after your initial ProtectMyID membership expires.
    5. $1 Million Identity Theft Insurance: As a ProtectMyID member, you are immediately covered by a $1 million insurance policy that can help you cover certain costs including, lost wages, private investigator fees, and unauthorized electronic fund transfers.

    Once your enrollment in ProtectMyID is complete, you should carefully review your credit report for inaccurate or suspicious items. If you have any questions about ProtectMyID, need help understanding something on your credit report or suspect that an item on your credit report may be fraudulent, please contact Experian’s customer care team at (877) 371-7902.

  • You should request a free initial fraud alert to be placed on your credit files by calling any one of the three major national credit bureaus:

    Equifax
    Direct line for reporting suspected fraud:
    (800) 525-6285
    Fraud Division
    P.O. Box 740250
    Atlanta, GA 30374

    www.equifax.com/answers/set-fraud-alerts/en_cp

    Experian
    Direct line for reporting suspected fraud:
    (888) 397-3742
    Credit Fraud Center
    P.O. Box 1017
    Allen, TX 75013
    www.experian.com/fraud/center.html

    TransUnion
    Direct line for reporting suspected fraud:
    (800) 680-7289
    Fraud Victim Assistance Department
    P.O. Box 6790
    Fullerton, CA 92634

    www.transunion.com/corporate/personal/fraudIdentityTheft/fraudPrevention/fraudAlert.page

    When contacting the credit bureaus, you should request the following:

    1. Instruct them to flag your file with a fraud alert including a statement that creditors should get your permission before opening any new accounts in your name.
    2. Ask them for copies of your credit report(s). Credit bureaus give one free credit report a year.
  • Credit bureaus will not permit UNF to act on behalf of others regarding credit data.
  • There are several steps you should take.

    1. Place a security freeze on your credit file. A 90-day security alert gives you time to verify if you are a victim of fraud. If you determine you are a fraud victim, you may add a seven-year victim statement to your credit report.
    2. Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the Federal Trade Commission’s ID Theft Affidavit (available at www.consumer.gov/idtheft ) when you dispute new unauthorized accounts.
    3. File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime.
    4. File your concern with the Federal Trade Commission. The FTC maintains a database of identity theft cases used by law enforcement agencies for their investigations. By filing a concern, it helps the FTC learn more about identity theft and the problems victims are having so FTC representatives can better assist you. The FTC’s Identity Theft Hotline toll-free number is 1-877-IDTHEFT (1-877-438-4338) or you can visit their website at www.ftc.gov.
    5. Inform creditors: Contact each creditor with the fraud account and inform them that the account is fraudulent.
    6. Document all contacts: Make notes of everyone you speak with; ask for names, department names, phone extensions and record the date you speak with them.
    7. Understand the process: Each creditor may have a different process for handling a fraud claim. Make sure you understand exactly what is expected from you, and then ask what you can expect from the creditor. At the conclusion of an investigation, ask the creditor for a document that states you are not responsible for the debt.
    8. Follow up: Make sure everything a creditor/credit reporting agency has requested is received. It is always a good idea to place a follow-up call or send a letter for confirmation.
    9. Review reports regularly: Obtain another report several months after you believe everything is cleared up. If a new fraudulent account is discovered, you know how to handle it. If your credit report is back to normal, you can feel confident that all issues were resolved as you expected. It would be a good idea to check your credit report again in six months and a year later.
    10. Don’t throw away files: Keep all notes and correspondence in an accessible file in case they are needed in the future.
  • You may be a victim of credit fraud. See above.
  • In order to answer any questions that you may have regarding this incident, the University has established communications channels. You may send questions by e-mail to databreach@unf.edu or call (904) 620-5499. The hotline is answered 9 a.m. to 5 p.m. Monday through Friday. E-mails will be answered within two business days.
  • While that may be an indication that things are fine now, please continue monitoring your financial statements and your credit report.
  • For those people impacted, UNF sent notices to the most recent contact information on file. If UNF does not have your most recent contact information, there is a possibility you were impacted but did not receive word. If you would like UNF to check if your information was among the files compromised, please call (904) 620-5499. The hotline is answered 9 a.m. to 5 p.m. Monday through Friday. When you call, you will be asked for basic public information, such as your name, in order to check if you have been impacted.
  • If you would like UNF to check if your information was among the files compromised, please call (904) 620-5499. The hotline is answered 9 a.m. to 5 p.m. Monday through Friday. If you are on the list of those impacted by the breach, you will need to know that the University Police Department General Offense Report number is 60003111. The General Offense Report can be found on UNF’s website.
  • The method used by the intruder to gain access has been identified and steps have already been taken to prevent a reoccurrence. The University Police Department, in conjunction with Housing and ITS, is investigating this incident.
  • UNF is constantly reviewing and updating information technology security systems and procedures. However, security technology is constantly changing, which means cyberspace intruders are finding new ways to compromise systems. As new security features become available and we become aware of new attack modes, we will continue to take steps to prevent this type of activity.
  • According to Privacy Rights Clearinghouse, which has been maintaining a listing of data breaches for seven years, more than 600 schools across the United States have had data breaches since it began collecting information. That amounts to more than 9.5 million records compromised at educational institutions since 2005.
  • Comments

    comments