The University of Maryland has lengthened the time of free credit monitoring it will offer to the hundreds of thousands of people whose personal information was compromised during a data breach.
President Wallace Loh said in a statement posted Tuesday on the university’s website that those affected will be offered five years of free credit monitoring. Loh had previously announced that the university would provide one year of free monitoring.
Read more on CBS.
In addition to the notice of 5-year credit monitoring posted on their site today, another statement posted on the university’s web site today outlines other steps the university is taking in response to the breach:
Effective immediately, I am launching a comprehensive, top-to-bottom investigation of all computing and information systems. This includes central systems operated by the University and local systems operated by individual administrative and academic units. This investigation has three missions.
First, we will scan every database to find out where sensitive personal information might be located. Then, we will either purge it or protect it more fully in that database, as appropriate. There are thousands of databases throughout the campus, many created years ago when the environment for cyber threats was different.
Second, we will do penetration tests of the security defenses of our central and local information systems to identify and seal any possible technological gaps through which cyber criminals could get in to search for any information. These probes will be performed on an ongoing basis.
Third, we will review the appropriate balance between centralized (University-operated) versus decentralized (unit-operated) IT systems. There must be policy changes to accompany technical fixes. We understand the needs of individual units to control their own servers and databases. We must also ensure that safeguards at central and local levels are equally robust and tightly coordinated. Our University’s entire cybersecurity system is only as strong as its weakest link.
To execute this threefold mission, I am forming the President’s Task Force on Cybersecurity. It will be led by Professor Ann Wylie, who formerly held the positions of Provost, Vice President for Administration, and Chief of Staff to the President.
The Task Force will have experts from our campus, including from our Maryland Cybersecurity Center. They will be supported by a leading cybersecurity company with advanced hacking capabilities in order to expose potential vulnerabilities in our systems.
I have charged the Task Force to complete its investigation and submit its recommendations to me within 90 days. It will have the full support of my office and the resources it needs to complete its task. I will take all necessary actions based on the Task Force’s recommendations and the results of the forensic analysis now underway.