Information on Computer
Security Incident at UW-Milwaukee
Below are some of the questions we’ve anticipated or received about the recent computer security incident that may have exposed records containing the names and Social Security numbers of some current and former UWM employees and students.
Frequently asked questions (Revised Dec. 20, 2011)
1. Is this letter I received, dated Aug. 10, for real?
Yes. The letter was sent by the University of Wisconsin-Milwaukee. The university wanted to inform those potentially affected by a security incident that may have exposed records containing their names and Social Security numbers.
2. When did UWM become aware of the incident?
The university learned of the installation of malware on May 25, and immediately shut down the system and began to investigate. During the course of the investigation, on June 30, 2011, we discovered that the database containing social security numbers was included in the compromised system.
3. What actions were taken when the university discovered the incident?
We immediately shut down the system and reassessed security before restarting it. We also reported the incident to local and federal law enforcement. With the help of a national computer security consultant, the university launched an investigation to determine the source and extent of the security breach.
4. What type of information was on the infected system?
The infected system included a database that contained names and Social Security numbers. No other financial information, like credit card numbers, bank accounts, or loan information was stored in this database. The system also contained other files containing personal data; however, based on forensic analysis, we believe it extremely unlikely that hackers actually accessed any of the other files.
5. What exactly is malware?
According to the Department of Homeland Security website, Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.
6. Was the information stored in a way that it could be compromised and potentially misused?
The information was stored on a secured server, but even the most secure systems can be infected. Our virus software identified malware on the system that could have allowed unauthorized access.
7. How could this have happened?
Some of these malware attacks are targeted, but many are automated and occur randomly throughout the Internet. Even the most secure systems can be infected. As a result security is a moving target and requires constant improvement.
8. Do we know if any personal information has been misused?
There is no evidence that the unauthorized individuals were aware of your personal data in the compromised database or that it has been retrieved. However, we wanted to make you aware of the incident, suggest steps you could take to monitor your financial information, and let you know what we have done to prevent this from happening in the future.
9. Do we have any idea who is behind the malware attack and/or if the system was compromised?
As with many such incidents, the investigators were not able to identify those who gained access. The university’s investigators theorize the motive was not identity theft, and could find no evidence of attempts to download names or social security numbers.
10. What steps did the university take before contacting me?
With the help of a national computer security consultant, the university launched an investigation to determine the source and extent of the security breach. Once we received the investigators’ report, we were able to identify and start notifying those who may have been affected.
11. In comparison to other breaches, how damaging/serious is this?
There are many other breaches larger than this one. Although, we have no evidence that anyone’s personal information was retrieved or that any information was misused, at UWM we take all security incidents seriously.
12. Was this incident reported to the authorities?
Yes The university reported the incident to local and federal law enforcement
13 Is there anything I should do now to protect my identity and personal information from being misused?
It’s recommended that everyone monitor their financial information by:
- Reviewing bank and credit card statements regularly, and looking for unusual or suspicious activities.
- Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.
- Request a free credit report and carefully inspect your own credit scores.
14. Does this mean any other information I’ve provided UWM could be accessed? Am I at higher risk for this happening again?
We have no evidence that anyone’s personal financial information was retrieved or that any information was misused. Since learning of this issue, the university has updated the security on the system to assure better protection from such attacks.
15. Why isn’t UWM paying for my credit monitoring?
We found no evidence that any names or Social Security numbers were stolen. There also are no legal requirements that an organization provide credit monitoring even when SSNs or other private information is stolen, and here, as we stated, we found no such evidence. After careful evaluation and because of our concern about this issue, we have tried to do more than is required or is typically done in similar situations.
You are entitled to a free credit report every year. If you are looking for additional ideas for protecting yourself from identity theft, you may contact the Wisconsin Office of Privacy Protection at http://privacy.wi.gov/resources/resources.html. The office’s hotline is: 1-800-422-7128 or you may email the office at DATCPWisconsinPrivacy@wisconsin.gov.
It is always good practice for people to monitor their financial information by:
- Reviewing bank and credit card statements regularly, and looking for unusual or suspicious activities.
- Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.
- Request a free credit report and carefully inspect your own credit scores.
16. How can I be sure this type of incident won’t occur again?
The University has updated the security on the system to ensure better protection from attacks. Because of the numerous and continuous efforts by unauthorized individuals to access information stored on the internet or computers, security continually needs to be upgraded and improved.
17. Can I have my name and Social Security number removed from this campus database, and why do you retain these records for so many years??
It is a complex issue, but as a public university and a state agency, we have obligations that require us to permanently keep records on those who have attended or worked here. For example, the university may be contacted to verify that a student attended or graduated, or that a former employee worked here. Because we have to respond to these requests, we need to keep records of employees and students. In some cases, especially with older university records, the name and Social Security number are the only way to tie educational or employment information to a specific individual.
We want to emphasize that we have no evidence that any Social Security numbers were taken in the recent security breach, and we have implemented additional security measures to protect your information.
18. I don’t have any affiliation with UWM. How could I be on your database?
At this point, we’re not sure why a small number of people who were notified of the security breach didn’t appear to have any affiliation with the university. We are looking into this issue, but it may take some time to discover why this happened.
19. Why did it take so long to notify me?
Because this was a sophisticated attack, we worked with a national consultant to do a thorough investigation to provide the best information possible about what happened and what information might potentially have been exposed. Although we would have liked to notify everyone sooner, we wanted to make sure that we had accurate information to share, and that we explained the situation clearly.
Although it may seem like it was a long time between when we found indications of a breach and the actual notification letter, we did notify those potentially affected within 45 days of determining that the database was part of the compromised system. 45 days is the timeframe that would be required by state law in the event of a known unauthorized acquisition of private information.
20. How did UWM find addresses for those who were potentially affected?
We used a private national service to match names and Social Security numbers to addresses. This service is legally bound by security and confidentiality requirements. We felt it was important to have the most accurate address list possible to notify those potentially affected.
21. What should I do if I have further questions?
Call 414-229-5040.
22. Where do I get additional information regarding credit agencies and resources?
Here are some resources for more information on protecting personal information.
Trans Union: http://www.transunion.com;
Fraud Victim Assistance Department, (800)680-7289
Equifax: http://www.equifax.com;
Fraud Division, (800) 525-6285
Experian: http://www.experian.com;
Credit Fraud Center, (888) 397-3742
Wisconsin State Office of Privacy Protection: http://privacy.wi.gov/resources/resources.html
To request an annual free credit report: https://www.annualcreditreport.com/cra/index.jsp
Back to Top of PageHow to Protect Your Personal Information
After any security incident involving personal information, it’s a good idea to monitor your credit report. Federal law entitles you to a free copy of your credit report once every 12 months from each of the three major credit reporting agencies – that’s one free every four months. To request this information, call toll-free 877-322-8228 or go to www.annualcreditreport.com.
You may also contact the three major credit reporting agencies directly to get a copy of each report. You may also get a free copy of your report if it is inaccurate because of suspected fraud. The toll-free numbers are:
Experian: 888-397-3742
Equifax (CSC): 888-766-0008
Trans Union: 800-680-7289
Other things you can do to protect against identity theft are:
- Place a fraud alert on your credit report by contacting the credit reporting agencies.
- Subscribe to a credit monitoring service. Most of the credit agencies offer this service for a fee.
- Place a security “freeze” on your credit report if you are sure you have been a victim of attempted identity theft.
- Report suspected identity theft to the Federal Trade Commission (FTC) at: https://www.ftccomplaintassistant.gov.
Other resources that may be helpful in preventing or responding to identity theft are:
- Local law enforcement. A police report of identity theft is helpful when notifying creditors, credit reporting agencies and Social Security.
- Wisconsin Privacy Office at http://privacy.wi.gov/resources/resources.html
- FTC at http://www.ftc.gov/bcp/edu/microsites/idtheft
- Department of Justice: http://www.usdoj.gov/criminal/fraud/websites/idtheft.html
- Privacy Rights Clearinghouse: http://privacyrights.org/identity.htm
- Social Security Administration Fraud Hotline: 800-269-0271
- FTC ID Theft Clearinghouse: 877-438-4338
- Identity Theft Resource Center: 858-693-7935
We are writing to inform you of a computer security incident at the University of Wisconsin-Milwaukee that may have exposed records containing your name and Social Security number. After a thorough investigation, we do not believe the unauthorized individuals targeted or copied any personal information, but we wanted to make you aware of the breach so that you can take steps to prevent any potential misuse of your information.
We first became aware of the situation May 25, 2011, when we discovered that computer hackers had installed malware (computer viruses) on one university server, which housed a software system serving several campus departments and which managed confidential information. We immediately shut down the system and reassessed security before restarting it. We also reported the incident to local and federal law enforcement. With the help of a national computer security consultant, the university launched an investigation to determine the source and extent of the security breach. Several weeks into the investigation, on or around June 30, 2011, we discovered that a database associated with the system was accessible to the hackers. This database included the names and social security numbers of approximately 75,000 individuals associated with the university, primarily current and former employees and students.
As with many such incidents, the investigators were not able to identify those who gained unauthorized access. Investigators theorize that the motive was not identity theft, and could find no proof of attempts to download names or social security numbers.
However, because any incident that potentially exposes personal information could contribute to the risk of identity theft, we encourage you to take steps to protect your identity and monitor your credit reports. We have included information on steps you can take on the other side of this letter.
We want to apologize for any concern or inconvenience this may cause you, and assure you that the university takes computer and data security seriously. We continue to provide strong protection for our systems and campus computers. As a result of this incident, however, we are taking additional security measures.
If you have any questions, visit computersecurity.uwm.edu. We have also set up a toll-free line for you to call if you have any additional questions, at 800-349-8518.
Sincerely,
John McCarragher,
UWM Interim Chief Information Officer
Computer Security Incident Discovered at UW-Milwaukee
For more information, contact:
Tom Luljak, 414-229-5024
Aug. 10, 2011
The University of Wisconsin-Milwaukee is sending letters to approximately 75,000 individuals associated with the university, informing them of a computer security incident that may have exposed records containing their names and Social Security Numbers. Those affected are primarily current and former employees and students.
On May 25, university technology staff found that unauthorized individuals had installed malware (computer viruses) on a university server that housed a software system that managed confidential information for several departments. The university immediately shut down the system and reassessed security before restarting it. The university also reported the incident to local and federal law enforcement. With the help of a national computer security consultant, the university launched an investigation to determine the source and extent of the security breach.
Several weeks into the investigation, on or around June 30, the university discovered that a database associated with the system was accessible to the hackers. This database contained the names and Social Security numbers of approximately 75,000 individuals associated with the university.
As with many such incidents, the investigators have not been able to identify those who gained unauthorized access. Investigators theorize that the motive was not identity theft, and could find no proof of any attempt to download names or Social Security numbers from the database.
The university has provided the affected individuals with information on protecting personal information and monitoring credit accounts to prevent identity theft.
In addition to reassessing security on the affected system to prevent unauthorized access to the database, the university has put in place additional security measures on its information technology systems.
For more information, go to http://www.computersecurity.uwm.edu.
 |