Cyber Attack

<p>We found out this morning that the computer outages over the last couple of weeks were the result of a cyber attack and that my D's information was compromised.</p>

<p>Very frustrating and I wonder why it took so long for the University to alert us.</p>

<p>Yes my daughters was as well, a nightmare, as she had automatic deposit, so university had a copy of check with her home account when she worked on campus, so now have to go and scramble closing accounts, credit checks monitoring etc. The alert said upwards of 70,000 files were potentially stolen. Also very annoyed it wasn’t made known till today. Happened July 22nd I believe. </p>

<p>What annoyed us, it was by chance a twitter notice was seen by one of my younger kids, told my daughter to check her spam folder (seems that is where the server is dropping the notification if your information was stolen) , anyone who has worked on campus, long since graduation, perhaps will not ever know. They may no longer live at the address the school has on file. My daughter told her friends, not one of them were aware.</p>

<p><a href=“http://www.udel.edu/udaily/2014/jul/resources073013.html[/url]”>http://www.udel.edu/udaily/2014/jul/resources073013.html&lt;/a&gt;&lt;/p&gt;

<p>The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers.</p>

<p>Individuals with UDelNet IDs and passwords can check to see they are affected by this incident by using the IT Security Verification application on a special IT Security Response website.</p>

<p>samiamy, we were advised by our attorneys to have our daughter IMMEDIATELY prepare the IRS identity fraud affidavit and send it in, which we have done. The purpose of it is to protect against future unknowns. The letter also hit my daughter’s spam folder. I have never been this angry with UD. It seems the breach happened on 7/17 and was known on 7/22. Why they waited this long is completely beyond me. It is nice that they got Kroll services for everyone, but we should have known much earlier. This was not handled well at all. Students with jobs, students who received research grants, summer scholars, TAs, all were affected.</p>

<p>What are Kroll services?</p>

<p>It’s a credit monitoring service that the University has contracted with for three years to support all the people who were impacted.</p>

<p>By submitting the form you mention protects against tax liability if SS # was ever used by another? Do you know if it has any other benefits besides this? Thanks in advance. </p>

<p>Yes, further reading, and again it isn’t known yet, and probably we will never be told who stole it, seems Russia and China are well known for doing this at the University level, was a recent NYT article on it.
I work with protected information and knowing the levels of security within my organization, they dropped the ball on this one, the potential for massive identity fraud from what was taken is astronomical. Surprised it hasn’t made national news, at least if it had been on the national news the former students could avail of the identity theft services. I doubt 3 years of monitoring will be enough.</p>

<p>In the twitter world UD grads are furious they had to find out via facebook and twitter.</p>

<p>

Isn’t that good enough? It also acts as contemporaneous documentation that could be used for any possible eventuality.</p>

<p>I’m pretty furious at how this was handled.</p>

<p>OMG. I am so glad I checked in here. I didn’t see the UDailey article. Just texted my d to see if she has been affected. She is living in Newark this summer to do her internship. Thx zoosermom.</p>

<p>I wanted to add that my d also had her information compromised. I sent her the IRS identity fraud affidavit to fill out and send in. She has held UD jobs…I agree that this is maddening the way it was handled!</p>

<p>Zoosermom, of course it is good enough, and I guess my phrasing was a bit flippant, not what I meant at all. What I wanted to ask, was once this was on file, 10 years down the road, my D SS # is floating out there being used, having this on file, will help remove any other financial liability for her not just tax liability?</p>

<p>our local precinct told usnwhen a breach like this occurs, the identity fraud could happen 10 years from now when ones guard is down, thinking the worst is over.</p>

<p>

That’s what we were told, too, which is why we all need to create as wide a paper trail as possible so that if something ever comes up (ever) we can provide contemporaneous documentation from a variety of sources because, apparently, there are all sorts of unexpected ways that this can pop up. It definitely removes tax liability, but can also provide further protection from creditors and in the event of being denied loans or something. My D is a senior and has her sights on grad school next year. Unfortunately, we can’t pay for that without some loans, so I want to make sure we have a leg to stand on if there is a problem. I am so disheartened by all of this.</p>

<p>Polkadotmom, we were advised by our attorneys to fax the affidavit and then keep a hard copy of the fax and confirmation in a safe place forever with things like birth certificates, passports, etc.</p>

<p>Other than signing up for the Kroll services and filling out the IRS form what else should we be doing? Do we have to contact our local police department?</p>

<p>Banks and the credit monitoring agencies.</p>

<p>Not our local police department?</p>

<p>If I understand correctly, the security web sight says that only employees of the university were hacked, including past and present student employees. Was anyone compromised that was a student only, and not at some point an employee of the university as well?</p>

<p>I’m not sure socaldad. I do know that students who have received research or travel stipends or money for being a TA have all been compromised, so the definition of employee is broader than it might initially seem. It would seem prudent to me to just check on the site to check the status of each person individually.</p>

<p>Stressedx3, we were told that notifying local police wasn’t necessary, but I’m sure it couldn’t hurt.</p>

<p>Has anyone actually received the letter in the mail which was supposed to be mailed last Monday? </p>

<p>All should check, my D has friends who were not in the described categories, and they turned up in the database however they have graduated and not currently students.</p>

<p>According to outside news reports the full extent of what was taken has not been completely realized until complete forensics have been done. What surprised me, and maybe universal to all universities, this information was accessible wirelessly.</p>

<p>We haven’t received the letter in the mail yet, but that’s because my D is a doofus and didn’t register her off campus address.</p>

<p>Our D graduated from UD in 2010. She received a call from one of her classmates who told our D that she had received notification her (classmates) data had been compromised. Our D said she did not believe her classmate fell into any of the categories listed as being at risk (I don’t have independent verification of this). Luckily after our D contacted UD she was told her data was not compromised. I advised her to check again weekly for at least several weeks just to make sure nothing was subsequently uncovered. So it might appear prudent for all students, past and present, to check with UD to see if their data was compromised, even if they do not fall into the identified categories of being at risk. It certainly can’t hurt.</p>