FAQ Data Security
Is SOLAR and RangerCard information affected by the malware attack?
No, SOLAR and RangerCard information is not affected. That information is secure.
I received an email from UW-Parkside about a security incident. What happened?
On March 16, 2014, the university determined that a server which hosted student information had been attacked by malware.
Immediately upon discovering the potential issue, the server was shut down, and the UW-Parkside Police and Public Safety Department, and UW System administration were notified.
Working with an international computer forensic investigative firm, it was determined that the malware was most likely written to look for payment systems. No credit card information was on the server. As a precaution, however, the university is notifying all affected students of the possible data exposure.
Who was affected by the unauthorized access?
The server contained 15,000 records of admitted or enrolled students; all affected persons will be contacted via email and regular USPS mail.
Have fall 2014 applicants been affected?
No, because students who have already applied for the fall 2014 semester have not provided a Social Security number.
Does that mean someone stole my Social Security number?
Given the purpose of the malware, it is unlikely but not impossible that your Social Security number was accessed.
How did it occur?
The cause of the unauthorized access is currently under investigation by UW-Parkside Campus Technology Services.
How is the university responding?
The university is contacting each of the 15,000 admitted or enrolled students who may have been affected by the unauthorized access.
The university has established a dedicated email address datasecurity@uwp.edu, and FAQ website to help answer any additional questions.
For security reasons, do current students, faculty and staff need to be issued new university IDs?
No, there has been no issue in any of our other data systems that indicate new university IDs should be issued.
What time period does the data cover?
This affects students who were admitted, enrolled or graduated from the university since fall 2010.
Has anyone reported a problem with his or her Social Security number due to this incident?
Thus far, UW-Parkside is not aware of any reports of fraud or misuse related to this incident.
How did UW-Parkside discover the exposure?
It was discovered by Campus Technology Staff during the course of routine maintenance. Immediately upon discovering the discrepancy, the server was shut down.
Is this information still at risk of disclosure to an unauthorized person?
No, the files have been moved to a secure location.
Should I contact the Social Security Administration and change my Social Security number?
The Social Security Administration very rarely changes a person's Social Security number. The possibility that your Social Security number was accessed by malware would probably not be viewed as justification for such a change. For more information, the Social Security Administration web site is available at: http://www.ssa.gov/.
Should I close my financial and credit card accounts?
No. There was no financial information of any kind in the database. You should, as good practice, always review your credit card statements for any unauthorized transactions.
Will UW-Parkside contact me to ask for private information because of this event?
No. In similar cases at other institutions, people have reportedly been contacted by individuals fraudulently claiming to represent the institution that notified the individual of the security exposure, they proceed to ask for personal information, including Social Security numbers and/or credit card information. Please be aware that UW-Parkside will contact you only in regard to information outlining steps you could take to prevent possible fraud or identity theft. We will not ask for your full Social Security number. We will not ask for any credit card or bank information. We will not ask you for any password or passphrase. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.
What can I do to protect myself?
Monitor your credit report and credit card statements; see additional actions to help reduce your chances of identity theft at the end of this FAQ.
Is there a police report case number associated with the unauthorized access?
The UW-Parkside Police and Public Safety report case number is 14-567. A police case number is often required if you are attempting to place a security freeze on your credit file.
What protection is available for minors under the age of 18?
If you are a minor and believe that you have been a victim of identity theft, you should immediately notify the three major credit reporting agencies first by telephone and then in writing. The agencies will ask you for your name and Social Security number and other information. In the event that a file is found in your name or Social Security number, you will be informed that a fraud alert will be placed on your file. The credit reporting agencies will also send you instructions on how to get your credit report. You should keep a detailed log of the name, phone number, and title of each person with whom you speak and a summary of the conversation.
What should I do now?
You may wish to periodically request a free credit report to ensure accounts have not been activated without your knowledge. Every consumer, whether or not their data has been involved in a security exposure, can receive one free report every 12 months from each of the three national credit bureaus. In fact, it is a good practice for all consumers to order a free credit report from one of the three credit bureaus every four months, in order to continually monitor your accounts every year.
For more information on free credit reports, see http://www.consumer.ftc.gov/articles/0155-free-credit-reports.
You may order your free credit reports online or by mail at http://www.annualcreditreport.com; by phone at 1-877-322-8228.
What do I look for on my credit reports?
When you receive your credit reports, review them carefully. If you find any items you don't understand on your report, call the credit bureau at the number given on the report. Credit bureau staff will review your report with you.
Should I request a fraud alert with the national credit bureaus?
Individuals whose Social Security number was involved in an unauthorized access may consider requesting a fraud alert on their credit bureau records. A fraud alert is a message that credit issuers receive when someone applies for new credit in your name. The message tells creditors that there is possible fraud associated with the account and gives them a phone number to call (yours) before issuing new credit. You can contact the fraud department at any one of the three major credit bureaus:
Trans Union: 1-800-680-7289 http://www.transunion.com
Experian: 1-888-397-3742 http://www.experian.com
Equifax: 1-888-766-0008 http://www.equifax.com
As soon as one credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts.
You should be aware that a fraud alert may make it more difficult for you to obtain credit or process financial transactions, and you should exercise caution in doing so. While it will not affect your credit, it will slow down the credit application process.
How do I request a credit freeze?
You may request a credit freeze directly with the three credit bureaus below. Activating a credit freeze varies by state. To place a freeze, send a letter by certified mail to each of the three credit bureaus or use the URL provided:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
https://www.freeze.equifax.com/
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
https://www.experian.com/freeze
Trans Union Security Freeze
P.O. Box 6790
Fullerton, CA 92834-6790
https://annualcreditreport.transunion.com/fa/securityFreeze/landing
Additional information and instructions may be found on the Federal Trade Commission's website: http://www.consumer.ftc.gov/articles/0275-place-fraud-alert
Similarly, you may consider requesting the credit bureaus place a "credit freeze" (also referred to as a "security freeze") on your credit. For more information, see: http://www.in.gov/attorneygeneral/2411.htm.
For each, you must:
- Provide your full name (including middle initial suffix) address, Social Security number, and date of birth;
- If you have moved in the past five years, supply the addresses where you have lived over the prior five years.
- Provide proof of current address such as a current utility bill or phone bill
How is a security freeze different from a fraud alert?
Creditors are permitted to ignore the fraud alert and could extend credit anyway. A security freeze prohibits them from extending credit unless the freeze is temporarily lifted by the consumer.
An initial fraud alert lasts 90 days. An extended fraud alert lasts seven years. A security freeze is indefinite, lasting until the consumer lifts it.
An initial fraud alert just takes one phone call to setup or can be done online. An extended fraud alert requires that a crime has occurred and that you file an identity theft report.
What should I do if I discover fraudulent use of my personal information?
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, you should file a complaint with the FTC at http://www.consumer.gov/idtheft or at 1-877-ID-THEFT (438-4338). Your complaint will be added to the FTC's Identity Theft Data Clearinghouse, where it will be accessible to law enforcement agencies for their investigations. The FTC also will advise you on further steps to take in the event your information is being used illegally
What will UW-Parkside do to prevent this from happening again?
We care about the privacy of our students and are continually updating our security to help prevent unauthorized access.
What are some other actions I can take to keep my personal data secure?
As a general privacy protection measure, you should limit the use of your Social Security number where it is not required. For example, if your bank account number or PIN is your Social Security number, you should ask the bank to give you a different number. Do NOT use the last four digits of your SSN, your mother's maiden name, or your birth date as a password for financial transactions. See http://kb.iu.edu/data/anre.html for more information on preventing identity theft.
ADDITIONAL ACTIONS TO HELP REDUCE YOUR CHANCES OF IDENTITY THEFT
Trans Union: 1-800-680-7289 http://www.transunion.com
Experian: 1-888-397-3742 http://www.experian.com
Equifax: 1-888-766-0008 http://www.equifax.com
ORDER YOUR FREE ANNUAL CREDIT REPORTS
Visit http://www.annualcreditreport.com or call 877-322-8228. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
USE TOOLS FROM CREDIT PROVIDERS
Carefully review your credit reports and bank, credit card and other account statements. Be proactive and create alerts on credit cards and bank accounts to notify you of activity. If you discover unauthorized or suspicious activity on your credit report or by any other means, file an identity theft report with your local police and contact a credit reporting company.
PLACE A 90-DAY FRAUD ALERT ON YOUR CREDIT FILE
An initial 90 day security alert indicates to anyone requesting your credit file that you suspect you are a victim of fraud. When you or someone else attempts to open a credit account in your name, increase the credit limit on an existing account, or obtain a new card on an existing account, the lender should takes steps to verify that you have authorized the request. If the creditor cannot verify this, the request should not be satisfied. You may contact one of the credit reporting companies below for assistance.
PLACE A SECURITY FREEZE ON YOUR CREDIT FILE
If you are very concerned about becoming a victim of fraud or identity theft, a security freeze might be right for you. Placing a freeze on your credit report will prevent lenders and others from accessing your credit report entirely, which will prevent them from extending credit. With a Security Freeze in place, you will be required to take special steps when you wish to apply for any type of credit. This process is also completed through each of the credit reporting companies.
MANAGE YOUR PERSONAL INFORMATION
Take steps such as: carrying only essential documents with you; being aware of whom you are sharing your personal information with and shredding receipts, statements, and other sensitive information.
OBTAIN MORE INFORMATION ABOUT IDENTITY THEFT AND WAYS TO PROTECT YOURSELF
Visit http://www.experian.com/credit-advice/topic-fraud-and-identity-theft.html for general information regarding protecting your identity.
The Federal Trade Commission has an identity theft hotline: 877-438-4338; TTY: 1-866-653-4261. The FTC also provides information online at http://www.ftc.gov/idtheft
The U.S. Attorney General recently advised all consumers to take some basic steps that could protect their information from being misused, now or in the future. Review the tips here: http://www.oag.state.md.us/Press/2014/022014.html