University of Central Oklahoma discloses hack, notifying those affected
From their website (h/t, KFOR):
Letter to the UCO Community – March 13, 2014
Dear UCO Community Member,
On March 12, 2014, the University of Central Oklahoma discovered a breach of sensitive personal information due to unauthorized access to information stored on one of our servers.
Some members of the university community are being directly notified because their information fell within the parameters of this investigation. Although we have no evidence that an unauthorized user is actually using your personal information, we take the security of your personal information very seriously and are bringing this incident to your attention so that you can take every precaution to protect your personal identity.
Immediately after learning of this event, the university initiated a thorough investigation and discovered that the vulnerable information includes your full name, address, birthdate, social security number, and additional employment information. The university quickly responded to the breach by removing the affected systems from the network.
As a result of this breach, we strongly recommend that you take appropriate steps to protect your identity.
- Place a fraud alert for your information with credit bureaus.
- Periodically run a credit report with the credit bureaus to ensure accounts have not been activated without your knowledge.
- Your financial information is not kept on the server that was accessed. However, if for any reason you believe that your bank account or credit/debit card has been fraudulently used, contact your financial provider.
As the situation develops, we will provide additional information regarding further actions or precautions that you should take.
Meanwhile, please visit http://www.uco.edu/cybersecurity for resources that you can use and steps you can take to protect your identity. Should you have additional questions, please call (405) 974-6977.
Please understand the university will not solicit from you any personal information, including usernames and passwords, by phone, email or otherwise.
We regret the inconvenience this incident presents to you and will continue to keep you informed. Thank you for your understanding and cooperation as we continue to investigate this offense.
SOURCE: University of Central Oklahoma
You may have noticed from the above that we don’t know how many people are affected, when the hack occurred, and whether the information is employee information only, or employees and students. Nor does the statement indicate whether they have confirmed data were stolen or if they were accessed but with no evidence of exfiltration. But it’s early days yet. Stay tuned…