Hacker Accessed Employee Information

 

May 31, 2005

To: UC Employees

From: Fred Siff, Vice President & Chief Information Officer

As previously communicated, a computer hacker recently gained access to a particular subset of the University's computer systems. The hacker did not gain access to the University's core systems, such as student information (UniverSIS), financial (CUFS), human resources (Integral) or course management (Blackboard). UCit discovered the incident and reported it to the UC Police Department. An investigation began immediately. We have waited to report further until we had additional, substantive information as to the exact nature of the intrusion.

We know now that some 7,500 Social Security numbers were compromised. We are still sorting through the social security numbers to identify individuals so affected and they will be notified, directly and individually, this week.   

In addition a number of user ids and passwords used for very specific systems, such as HR training and E-News administration, were compromised. (Passwords for most of these have already been changed on the action of the appropriate system administrators.) This information was taken from employee-oriented systems, and no student data was compromised.

At this point, there is no indication that the hacker has used this information for any unlawful purpose. Nevertheless, while we continue to investigate the matter, we are alerting all users of actions you can take whenever you become concerned about identity theft.

Under a recently enacted federal law, individuals can request a free copy of their credit report to ensure the accuracy of the information so contained as well as to identify any unusual activities. Individuals may request one free report each year from each of the three major nationwide credit bureaus; this may be accomplished by contacting the central agency at https://www.annualcreditreport.com. Should there be suspicious activity, the individual may request a free initial fraud alert to be placed on their credit files by calling any one of the three major nationwide credit bureaus.

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, you may also file a complaint with the Federal Trade Commission at http://www.creditscore.net/additional-resources/fight-identity-theft/ or by calling 1-877-ID-THEFT (438-4338). Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement agencies for their investigations. The FTC also will advise you on further steps to take in the event your information is being used illegally.  The Ohio Attorney General’s Office also has identity theft information on their web site at http://www.ag.state.oh.us . UC Police, 556-1111, can also assist you with concerns you have regarding identity theft.

As indicated, you have received this message as a precaution due to general concern over identity theft in our society.  We sincerely regret the occurrence of this intrusion.  While no one can guarantee cybersecurity, particularly in the open environment which characterizes the University, UCit is redoubling its efforts at securing the University's information resources.

If you have any further questions, please contact the UCit Help Desk at 556-4357 or via e-mail at helpdesk@uc.edu.

Related Stories

Debug Query for this