IT security breach
UD experiences IT security breach, provides free services, resources for those affected
UPDATE: 3 p.m., Aug. 19, 2013--The University of Delaware has concluded its investigation into the July data security breach. The investigation determined that more than 74,000 individuals were affected, among them fewer than 2,000 not in the initial group of current and past employees. The second group includes individuals who have received some payment from the University. They were sent notification letters on August 16 offering the same credit-monitoring and protection services as the initial group.
9:30 a.m., July 30, 2013--The University of Delaware is notifying the campus community that it has experienced a cyberattack in which files were taken that included confidential personal information of current and past employees, including student employees. A criminal attack on one of the University’s systems took advantage of a vulnerability in software acquired from a vendor.
The University sent notification letters dated July 29, 2013, to more than 72,000 affected persons and offered them free credit monitoring. Approximately one-third have active UD email accounts and will have received an email notification as well.
The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers.
Individuals with UDelNet IDs and passwords can check to see they are affected by this incident by using the IT Security Verification application on a special IT Security Response website.
The University took immediate corrective actions and is working closely with Federal Bureau of Investigation officials and Mandiant, a leading private computer security firm, on the issue. The University continues to investigate the scope of the attack. While this forensic investigation is underway, the University is taking steps to protect itself from future cyberattacks.
The University has retained the services of Kroll Advisory Solutions, a global leader in risk mitigation and response that will provide free credit monitoring services to the employees whose information was compromised. Affected individuals who want to take advantage of the services will receive instructions on how to do so in their notification letter.
Some email messages from Kroll Advisory Solutions were diverted into recipients' spam, junk or trash folders, and persons who think they might be affected should check there. Kroll's licensed investigators are available from 9 a.m.-8 p.m., Monday through Friday, through Aug. 30. After Aug. 30, telephone hours are 9 a.m.-6 p.m., Monday through Friday. Those affected are reminded that the coverage extends three years from the date of notification and that they have six months to enroll in the free service. To contact Kroll Advisory Solutions, call 1-877-309-0016.
UD’s IT Security Response website provides information on the situation and answers to frequently asked questions. It will be updated as more information becomes available.