Dear UConn Community Member,
On June 20, 2005 University Information Technology Services received
notification from a non-University corporation that an invalid logon
attempt had originated from a computer within the University of
Connecticut domain. This automated notification was investigated
by UITS
technical staff and it was discovered that a hacking incident had
resulted in an unauthorized program, known as a rootkit, being
installed
on a UITS data center server.
After further investigation it was determined that this server
contained
personal data for 72,000 individuals that possessed or had been
issued a
UConn NetId since October 26, 2003. This data was potentially at
risk of
being compromised by the hacker. The data being maintained for these
individuals include Social Security Number, Name, Date of Birth,
University Address, University Phone Number and Department Name.
Based
on forensic analysis there is no indication that any of the data on
the
machine was actually compromised - only that the opportunity for
someone
to access it existed.
While we have no indication that any of the information maintained on
the server has been compromised we are encouraging members of the
University community to monitor financial records over the next
several
months carefully. You may decide to place a fraud alert with the
three
national credit reporting agencies. A fraud alert does not affect
your
credit score or your credit rating. When a fraud alert is placed on
your
credit report, credit companies should contact you before approving
a new
application for credit under your name. The three credit reporting
agencies are able to respond to your concerns regarding fraud
alerts and
their impacts. Thanks to a new federal law, consumers can get one
free
credit report per year from each of the three national credit bureaus:
Equifax, Experian and Trans Union. Contact information for these
will be
available via the web site, noted below, that is devoted to this
incedent.
If, after a review of your credit report, you believe a crime
(fraud/identity theft) has been committed against you as a result
of this
incident, you should report your crime to your local law enforcement
agency.
In order to answer any questions that you may have regarding this
incident a special phone line, 486-1988 (toll free 1-888-464-8266),
has
been activated and will be monitored by the IT Security Office. We
have
also created a web site, incident.uconn.edu, which will provide
additional information and updates regarding this incident which is
being
investigated by UConn Police. You may also phone the UITS Help
Center at
486-HELP, for assistance in locating various resources that you may
need.
We will provide additional information to you as it becomes available.
This represents the University's official notification to you
regarding
this incident. As a further security measure be advised that the
University will not be soliciting further information from you. As
always, caution should be taken with regard to any future request
made to
you regarding your personal information. To ensure timely
distribution
of this notice, we are also notifying Connecticut media of this
incedent.
We regret any inconvenience that this incident may cause and are
working
hard to ensure that such an incident won't reoccur.
Sincerely,
Michael Kerntke
Chief Information Officer
University of Connecticut