News
Update on third party data incident affecting University community
The University received an update on the third-party data security incident this summer affecting thousands of organizations, including many colleges and universities. While UD's systems were not compromised, UD is providing its community this update because data privacy and security are important to the University.
The service providers affected by this incident utilized MOVEIt transfer software for various business functions and that software had a vulnerability.
For employees
Since our first announcement, the University learned some current employees who utilize TIAA services also were affected by this incident.
The University also has learned The Hartford, Genworth and PNC Institutional Asset Management were affected through their interaction with the same subprovider, Pension Benefit Information, LLC. If your personal information was compromised, you should have received or will soon receive notification from PBI or one of these service providers detailing identity or credit monitoring services they will be offering.
Here are links and telephone numbers for these companies if you have questions for them:
- TIAA FAQs, 866-373-7560
- PBI FAQs
- The Hartford, 866-676-3915
- Genworth info, 1-888-436-9678
For students
The analysis from National Student Clearinghouse (NSC) indicates while a small number of students had some directory information compromised, none of our students to this point had social security numbers, student identifiers or course/transcript data compromised as a part of this incident. NSC will, however, notify only those students for whom notification requirements have been identified via mail to their permanent mailing address detailing the identity or credit monitoring services they will be offering. If that address is away from campus, ask your parent, guardian or family member to look for it. Read NSC FAQs here.
We know these incidents can be troubling and inconvenient. These data incidents are becoming more common, so it’s worth reiterating the general tips from UD’s Center for Cybersecurity & Data Intelligence to help protect yourself. You can watch a series of videos on protecting your data, becoming cybermindful and avoiding phishing attacks on the center’s website. You can find additional information on how to help protect yourself online on UDit’s Security & Safe Computing page.
Best practices include:
- Stay alert for phishing scams. These are emails, phone calls or other communications which appear genuine but are designed to steal your information or install computer viruses. Do not click links from suspicious emails, go directly to the organization website for more information.
- Monitor all financial accounts. Regularly check your credit card, credit report, bank accounts, etc. and if you notice any suspicious activity, report it to the financial institution immediately.
- Consider using fraud alerts or freezing your credit. More information on credit freezing is available at usa.gov.
- Update passwords. Also, use different username and password combinations across different websites. Take advantage of multifactor login whenever possible.
The University will continue to monitor the situation and inform our community of any changes or updates.