IT security breach

UD experiences IT security breach, provides free services, resources for those affected

TEXT SIZE

UPDATE: 3 p.m., Aug. 19, 2013--The University of Delaware has concluded its investigation into the July data security breach. The investigation determined that more than 74,000 individuals were affected, among them fewer than 2,000 not in the initial group of current and past employees. The second group includes individuals who have received some payment from the University. They were sent notification letters on August 16 offering the same credit-monitoring and protection services as the initial group.

9:30 a.m., July 30, 2013--The University of Delaware is notifying the campus community that it has experienced a cyberattack in which files were taken that included confidential personal information of current and past employees, including student employees. A criminal attack on one of the University’s systems took advantage of a vulnerability in software acquired from a vendor.

The University sent notification letters dated July 29, 2013, to more than 72,000 affected persons and offered them free credit monitoring. Approximately one-third have active UD email accounts and will have received an email notification as well.

FYI Stories

New name, new approach

UD's Office of Communications and Marketing has changed its name to Communications and Public Affairs to better reflect its mission and new goals to enhance the University's external outreach.

Faculty meet up

UD's Horn Program invites all faculty members with interests in design, innovation, technology and creativity to attend an informal meet up on Nov. 21 at the Venture Development Center.

The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers.

Individuals with UDelNet IDs and passwords can check to see they are affected by this incident by using the IT Security Verification application on a special IT Security Response website.  

The University took immediate corrective actions and is working closely with Federal Bureau of Investigation officials and Mandiant, a leading private computer security firm, on the issue. The University continues to investigate the scope of the attack. While this forensic investigation is underway, the University is taking steps to protect itself from future cyberattacks.

The University has retained the services of Kroll Advisory Solutions, a global leader in risk mitigation and response that will provide free credit monitoring services to the employees whose information was compromised. Affected individuals who want to take advantage of the services will receive instructions on how to do so in their notification letter.

Some email messages from Kroll Advisory Solutions were diverted into recipients' spam, junk or trash folders, and persons who think they might be affected should check there. Kroll's licensed investigators are available from 9 a.m.-8 p.m., Monday through Friday, through Aug. 30. After Aug. 30, telephone hours are 9 a.m.-6 p.m., Monday through Friday. Those affected are reminded that the coverage extends three years from the date of notification and that they have six months to enroll in the free service. To contact Kroll Advisory Solutions, call 1-877-309-0016.  

UD’s IT Security Response website provides information on the situation and answers to frequently asked questions. It will be updated as more information becomes available.

icon-fb icon-tw icon-yt icon-fs
ADVERTISEMENT

News Media Contact

Andrea Boyle Tippett
Office of Communications & Marketing
302-831-1421
aboyle@udel.edu

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
email: publicaffairs@udel.edu
www.udel.edu/cpa
University of Delaware • Newark, DE 19716
publicaffairs@udel.edu • (302) 831-2792 • ©2012
University of Delaware • Newark, DE 19716 • USA • Phone: (302) 831-2792 • © 2013
Comments|Contact Us|Legal Notices