How will UD prevent future attacks?

Where can I get updated information?
UD will post updates to this Web site.
What steps did the University take once it found out about the attack?
UD took immediate corrective action to contain the incident. Although we cannot discuss the technical details of our systems and network security, we can tell you that the University has worked with the FBI and has engaged a leading data security firm to assist with the forensic investigation.
What is being done to ensure this does not happen again?
The University of Delaware treats information security with the utmost seriousness and continually updates its defenses against cyberattacks.

The University has been aligned with the best practices in the IT industry; unfortunately, there is no way that any organization can guarantee that a cyberattack will never occur. However, we are already making changes to our network in consultation with the FBI, our data security consultant, and other universities whose systems have been breached in the past.

How will UD manage my private information in the future?
Our information security policies and practices are in line with both IT industry and higher education IT best practices. UD follows HIPAA, FERPA and all other federal and state laws designed to protect your private information. UD will continue to exercise caution and continually improve safeguards for protecting your personal information.
Why does UD need to have my Social Security number at all?
The Higher Education Act of 1965 allows colleges and universities to use Social Security numbers (SSNs) for institutional transactions. It is routine for colleges and universities to store this information electronically. According to the U.S. Social Security Administration, it is a best practice in higher education for an institution to assign another primary identifier for most university transactions while the SSN remains in the university database as a secondary identifier. That is what we do at UD. For employees, a “University of Delaware Identification Number” (UD ID) is assigned when an employee is hired and appears on most university forms as that employee’s identifier. The same process of assigning unique UD ID identification numbers is used for students. Your UD ID cannot be used by itself to access your private information. SSNs do not appear on UD-issued identification cards, procurement cards, or any UD public posting.

UD collects and uses SSNs only as necessary for the performance of the University’s duties and responsibilities and as required by law. The University uses the SSN as a unique identifier for many business and financial purposes:

  1. to process payroll and other human resource information, including health and retirement benefits registration and processing, tax reporting, unemployment and workers compensation,
  2. for payments to vendors and independent contractors,
  3. as part of the process of making financial aid awards, including grants, loans, work-study awards, and other forms of financial aid,
  4. for student account collections,
  5. as part of admissions and enrollment processes, and
  6. to facilitate planned giving reporting.

UD is dedicated to ensuring the privacy and proper handling of SSNs of its students, employees, and individuals associated with the University.

Will the University change the way they store Social Security numbers as a result of this incident?
We continually assess and improve our information security policies and procedures to ensure we are in line with both IT industry and higher education IT best practices. Further, we are evaluating our systems and processes in consultation with the FBI, our data security consultant, and other universities whose systems have been breached in the recent past. UD complies with HIPAA, FERPA and all other federal and state laws designed to protect your private information. UD will continue to exercise caution and continually improve safeguards for protecting your personal information.