IT security breach

UD experiences IT security breach, provides free services, resources for those affected

TEXT SIZE

UPDATE: 3 p.m., Aug. 19, 2013--The University of Delaware has concluded its investigation into the July data security breach. The investigation determined that more than 74,000 individuals were affected, among them fewer than 2,000 not in the initial group of current and past employees. The second group includes individuals who have received some payment from the University. They were sent notification letters on August 16 offering the same credit-monitoring and protection services as the initial group.

9:30 a.m., July 30, 2013--The University of Delaware is notifying the campus community that it has experienced a cyberattack in which files were taken that included confidential personal information of current and past employees, including student employees. A criminal attack on one of the University’s systems took advantage of a vulnerability in software acquired from a vendor.

The University sent notification letters dated July 29, 2013, to more than 72,000 affected persons and offered them free credit monitoring. Approximately one-third have active UD email accounts and will have received an email notification as well.

FYI Stories

Moving in

Members of the Class of 2018 will move in on Saturday, Aug. 23, with other new and returning students to follow. Many UD offices and departments will offer special hours and services through the weekend.

Gas card policy

University of Delaware Transportation Services has announced a new policy for the Motor Pool, which will no longer issue gas fuel cards for use in refueling vehicles that are being rented from the Motor Pool.

The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers.

Individuals with UDelNet IDs and passwords can check to see they are affected by this incident by using the IT Security Verification application on a special IT Security Response website.  

The University took immediate corrective actions and is working closely with Federal Bureau of Investigation officials and Mandiant, a leading private computer security firm, on the issue. The University continues to investigate the scope of the attack. While this forensic investigation is underway, the University is taking steps to protect itself from future cyberattacks.

The University has retained the services of Kroll Advisory Solutions, a global leader in risk mitigation and response that will provide free credit monitoring services to the employees whose information was compromised. Affected individuals who want to take advantage of the services will receive instructions on how to do so in their notification letter.

Some email messages from Kroll Advisory Solutions were diverted into recipients' spam, junk or trash folders, and persons who think they might be affected should check there. Kroll's licensed investigators are available from 9 a.m.-8 p.m., Monday through Friday, through Aug. 30. After Aug. 30, telephone hours are 9 a.m.-6 p.m., Monday through Friday. Those affected are reminded that the coverage extends three years from the date of notification and that they have six months to enroll in the free service. To contact Kroll Advisory Solutions, call 1-877-309-0016.  

UD’s IT Security Response website provides information on the situation and answers to frequently asked questions. It will be updated as more information becomes available.

icon-fb icon-tw icon-yt icon-fs
ADVERTISEMENT

News Media Contact

Andrea Boyle Tippett
Office of Communications & Marketing
302-831-1421
aboyle@udel.edu

UDaily is produced by the
Office of Communications & Marketing

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
email: ud-ocm@udel.edu
www.udel.edu/ocm
University of Delaware • Newark, DE 19716
ud-ocm@udel.edu • (302) 831-2792 • ©2012
University of Delaware • Newark, DE 19716 • USA • Phone: (302) 831-2792 • © 2013
Comments|Contact Us|Legal Notices