[CITL] Notice of Breach Email Being sent out

Dewight F Kramer dewight.kramer at ucr.edu
Wed May 12 12:57:30 PDT 2021 

Hello CITL,

I have received word that there is some confusion about an email that has been sent out on behalf of UCOP.  I want to share with you that this notice is legitimate and will be reaching our community over the next few days.   Below is an example of the notice, which matches what is now on the UCOP Website (https://ucnet.universityofcalifornia.edu/data-security/index.html)

Thank you,

Dewight Fredrick Kramer
Chief Information Security Officer
Information Technology Solutions
University of California, Riverside
•  (951) 827-3070| • dewight.kramer at ucr.edu<mailto:dewight.kramer at ucr.edu>
[cidimage001.png at 01D7425D.25491FE0]



From: University of California <no-reply at marketing.csid.com<mailto:no-reply at marketing.csid.com>>
Sent: Wednesday, May 12, 2021 10:14 AM
To:
Subject: NOTICE OF DATA BREACH


[cid:image002.gif at 01D7472E.5DEA41A0]
[Logo]
[cid:image002.gif at 01D7472E.5DEA41A0]

[cid:image002.gif at 01D7472E.5DEA41A0]
NOTICE OF DATA BREACH
[cid:image002.gif at 01D7472E.5DEA41A0]


[cid:image002.gif at 01D7472E.5DEA41A0]

Dear [NAME],


As the University of California (UC) previously disclosed in communications to students, staff and faculty, and retirees in early April, UC experienced a security event with its Accellion file transfer appliance (FTA).


You are a valued member of the UC community and we wanted to provide you with up-to-date information on what happened and what we are doing. This notice includes important reminders about the free credit monitoring and identity theft protection services available to you.


A version of this notice is available in Chinese<https://ucnet.universityofcalifornia.edu/data-security/accellion-docs_chinese.html> and Spanish<https://ucnet.universityofcalifornia.edu/data-security/accellion-docs_spanish.html>.


What Happened?


On December 24, 2020, UC’s Accellion FTA was the target of an international attack, where perpetrators exploited a vulnerability in the application. Over 100 organizations were similarly attacked, including universities, government agencies and private companies. In connection with the attack, certain UC data was accessed without authorization. We identified on March 29, 2021 that some of this data was posted on the Internet.


When the University discovered the issue, we took the system offline and patched the Accellion vulnerability. We are in the process of transitioning to a more secure solution. The University is cooperating with the FBI and working with external cybersecurity experts to investigate this matter and determine what happened, what data was impacted and to whom the data belongs.


There is no evidence that other University systems were impacted.


To inform and protect the UC community, UC notified community members via email, hosted interactive workshops at several campuses and posted online information about the event and how individuals can protect themselves. The University also arranged for free credit monitoring and identity theft protection services for the entire University community through Experian IdentityWorks.


Many UC community members have already signed up for this service. If you have not already signed up for services through Experian IdentityWorks, we encourage you to register.

  *   Visit the Experian IdentityWorks website to enroll by April 10, 2022:
     *   For adults with a Social Security number, visit www.experianidworks.com/rr3bplus<http://www.experianidworks.com/rr3bplus>
     *   For minors with a Social Security number, visit www.experianidworks.com/minorplus<http://www.experianidworks.com/minorplus>
     *   For individuals without a Social Security number, visit http://www.globalidworks.com/identity1
  *   Enter your activation code: UCOPVJG6KWRQN

Additional information regarding these services is included below.  Please note that activation codes are good for one enrollment per code. The universal code shared in earlier communications will be retired.


The University has established a dedicated call center to answer questions regarding the event and these services, and to provide assistance with registration, if needed.  The call center is available toll free in the U.S. at (866) 904-6220 from 6:00AM to 8:00PM PT on Monday through Friday and from 8:00AM to 5:00PM PT on Saturday and Sunday.  Be prepared to provide engagement number B012756 as proof of eligibility for the Experian services.


**PLEASE NOTE: If you have already enrolled in the free credit monitoring and identity theft protection services with Experian, you do not need to re-enroll.


What Information Was Involved?


While the investigation is ongoing, evidence shows that an unauthorized third party gained access to files that contain personal information relating to members of the UC community, including employees (current and former) and their dependents, retirees and beneficiaries, and current students, as well as other individuals who participated in UC programs.


The impacted information may include full names, addresses, telephone numbers, Social Security numbers, driver’s license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information.


What We Are Doing.


In addition to notifying individuals and providing free credit monitoring, the University is working to identify and notify the community members whose personal information was impacted. These investigations take time, and we are working deliberately, while taking care to provide accurate information as quickly as we can. Within the next 45 – 60 days, you can expect to receive an individual notification, through Experian, if your personal information was impacted (provided your current contact information is on file with the University).


As we transition to a new file transfer system with enhanced security controls, we are deploying additional system monitoring broadly throughout our network, conducting a security health check of certain systems and enhancing security controls, processes and procedures. We are also reviewing and updating our security policies, procedures and controls.


What You Can Do.


We request that University community members remain vigilant against threats of identity theft or fraud. You can do this by regularly reviewing and monitoring your account statements and credit history for any signs of unauthorized transactions or activity. If you ever suspect that you are the victim of identity theft or fraud, you can contact your local police.


Additionally, it is also always a good idea to be alert for “phishing” emails or phone calls requesting sensitive information, such as passwords, Social Security numbers or financial account information. These requests often come from a sender pretending to be a company you do business with or a person you know. We also recommend that you use multifactor authentication for your online accounts when offered.


Visit UCnet’s Accellion Data Breach page<https://ucnet.universityofcalifornia.edu/data-security/index.html> for more information about how to protect yourself and to find answers to your questions about the data breach and the free credit monitoring and identity theft protection services UC is offering through Experian IdentityWorks.


Sincerely,

[Michael Drake Signature]


Michael V. Drake, MD

President, University of California



ADDITIONAL DETAILS REGARDING YOUR ONE-YEAR
EXPERIAN IDENTITYWORKS MEMBERSHIP


Many UC community members have already signed up for this service. If you have not already signed up for services through Experian IdentityWorks, we encourage you to register.

  *   Visit the Experian IdentityWorks website to enroll by April 10, 2022:
     *   For adults with a Social Security number, visit www.experianidworks.com/rr3bplus<http://www.experianidworks.com/rr3bplus>
     *   For minors with a Social Security number, visit www.experianidworks.com/minorplus<http://www.experianidworks.com/minorplus>
     *   For individuals without a Social Security number, visit http://www.globalidworks.com/identity1.
     *   Enter your activation code: UCOPVJG6KWRQN

Services for Adults with a Social Security Number


This product includes credit monitoring from all three bureaus, access to your Experian credit report, Internet Surveillance, $1M identity theft insurance* and full-service identity restoration.


You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

  *   Experian credit report at signup: See what information is associated with your credit file.  Daily credit reports are available for online members only.**
  *   Credit Monitoring: Actively monitors Experian, Equifax and TransUnion files for indicators of fraud.
  *   Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  *   Identity Restoration***: Identity Restoration specialists are immediately available to help you address credit and non-credit related fraud.
  *   Experian IdentityWorks ExtendCARETM:  You receive the same high-level of Identity Restoration support even after your Experian IdentityWorks membership has expired.
  *   $1 Million Identity Theft Insurance*:  Provides coverage for certain costs and unauthorized electronic fund transfers.
  *   Lost Wallet: Provides assistance with canceling/replacing lost or stolen credit, debit, and medical cards.
  *   Child Monitoring: For 10 children up to 18 years old, Internet Surveillance and monitoring to determine whether enrolled minors in your household have an Experian credit report are available.   Also included are Identity Restoration and up to $1M Identity Theft Insurance*.

Services for Minors with a Social Security Number


This product includes Internet Surveillance, Social Security Number Trace, $1M identity theft insurance* and full-service identity restoration.


You can contact Experian immediately regarding any fraud issues and will have access to the following features once you enroll in Experian IdentityWorks for your minor:


  *   Social Security Number Trace: Monitoring to determine whether enrolled minors in your household have an Experian credit report.  Alerts of all names, aliases and addresses that become associated with your minor’s Social Security Number (SSN) on the Experian credit report.
  *   Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  *   Identity Restoration***: Identity Restoration specialists are immediately available to help you address credit and non-credit related fraud.
  *   Experian IdentityWorks ExtendCARETM:  Receive the same high-level of Identity Restoration support even after the Experian IdentityWorks membership has expired.
  *   Up to $1 Million Identity Theft Insurance*:  Provides coverage for certain costs and unauthorized electronic fund transfers.

Services for Individuals without a Social Security Number


The product includes the following features:


  *   Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  *   Fraud remediation tips: Self-help tips are available on your member center

A credit card is not required for enrollment in ANY Experian IdentityWorks PRODUCT


* The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.


** Offline members will be eligible to call for additional reports quarterly after enrolling.


*** The Terms and Conditions for this offer are located at www.ExperianIDWorks.com/restoration<http://www.ExperianIDWorks.com/restoration>.


ADDTIONAL INFORMATION


To protect against possible fraud, identity theft or other financial loss, you should always remain vigilant, review your account statements and monitor your credit reports. Provided below are the names and contact information for the three major U.S. credit bureaus and additional information about steps you can take to obtain a free credit report and place a fraud alert or security freeze on your credit report. If you believe you are a victim of fraud or identity theft, you can contact your local law enforcement agency, your state’s attorney general, or the Federal Trade Commission. Please know that contacting us will not expedite any remediation of suspicious activity.


INFORMATION ON OBTAINING A FREE CREDIT REPORT


U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit reports, visit www.annualcreditreport.com<http://www.annualcreditreport.com> or call toll-free at +1 (877) 322-8228.


INFORMATION ON IMPLEMENTING A FRAUD ALERT OR SECURITY FREEZE


You may contact the three major credit bureaus at the addresses below to place a fraud alert on your credit report. A fraud alert indicates to anyone requesting your credit file that you suspect you are a possible victim of fraud. A fraud alert does not affect your ability to get a loan or credit. Instead, it alerts a business that your personal information might have been compromised and requires that business to verify your identity before issuing you credit. Although this may cause some short delay if you are the one applying for the credit, it might protect against someone else obtaining credit in your name.


In addition to a fraud alert, you may consider placing a security freeze on your credit report.  A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing or other services.


A credit reporting agency may not charge you to place, temporarily lift, or permanently remove a security freeze.


To place a fraud alert on your credit report, you must contact one of the credit bureaus below and the other two credit bureaus will automatically add the fraud alert.  To place a security freeze on your credit report, you must contact all three credit bureaus below:

Equifax:
Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
+1 (800) 525-6285 www.equifax.com<https://www.equifax.com/>
Experian:
Credit Fraud Center
P.O. Box 9554
Allen, TX 75013
+1 (888) 397-3742 www.experian.com<https://www.experian.com/>
TransUnion:
TransUnion LLC
P.O. Box 2000
Chester, PA 19016-2000
+1 (800) 680-7289 www.transunion.com<https://www.transunion.com>


To request a security freeze, you will need to provide the following information:


  1.  Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2.  Social Security number;
  3.  Date of birth;
  4.  If you have moved in the past five (5) years, the addresses where you have lived over those prior five years;
  5.  Proof of current address such as a current utility bill or telephone bill; and
  6.  A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.).

You may also contact the U.S. Federal Trade Commission (“FTC”) for further information on fraud alerts, security freezes, and how to protect yourself from identity theft. The FTC can be contacted at 400 7th St. SW, Washington, DC 20024; telephone +1 (877) 382-4357; or www.consumer.gov/idtheft<http://www.consumer.gov/idtheft>.


ADDITIONAL RESOURCES


Your state attorney general may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your state attorney general, or the FTC.


California Residents: Visit the California Office of Privacy Protection (https://oag.ca.gov/privacy) for additional information on protection against identity theft.


Iowa Residents: The Attorney General can be contacted at Office of Attorney General of Iowa, Hoover State Office Building, 1305 E. Walnut Street, Des Moines, Iowa 50319, +1 (515) 281-5164, www.iowaattorneygeneral.gov<http://www.iowaattorneygeneral.gov>.


Kentucky Residents:The Attorney General can be contacted at Office of the Attorney General of Kentucky,700 Capitol Avenue, Suite 118Frankfort, Kentucky 40601,www.ag.ky.gov<http://www.ag.ky.gov>, Telephone: +1 (502) 696-5300.


Maryland Residents: The Attorney General can be contacted at Office of Attorney General, 200 St. Paul Place, Baltimore, Maryland 21202; +1 (888) 743-0023; or www.marylandattorneygeneral.gov<http://www.oag.state.md.us/>.


Massachusetts Residents: Under Massachusetts law, you have the right to obtain any police report filed in connection to the incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.


North Carolina Residents: The Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; +1 (919) 716-6400; or www.ncdoj.gov<http://www.ncdoj.gov/>.


New Mexico Residents: You have rights under the federal Fair Credit Reporting Act (FCRA), which governs the collection and use of information pertaining to you by consumer reporting agencies. For more information about your rights under the FCRA, please visit www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf<https://www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf> or www.ftc.gov<http://www.ftc.gov>.


Oregon Residents: The Attorney General can be contacted at Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, +1 (877) 877-9332 (toll-free in Oregon), +1 (503) 378-4400, or www.doj.state.or.us<http://www.doj.state.or.us>.


Rhode Island Residents: The Attorney General can be contacted at 150 South Main Street, Providence, Rhode Island 02903; +1 (401) 274-4400; or www.riag.ri.gov<http://www.riag.ri.gov>. You may also file a police report by contacting local or state law enforcement agencies.
[cid:image002.gif at 01D7472E.5DEA41A0]






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20210512/8d847f72/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10540 bytes
Desc: image001.png
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20210512/8d847f72/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 49 bytes
Desc: image002.gif
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20210512/8d847f72/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 24533 bytes
Desc: image003.png
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20210512/8d847f72/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 20754 bytes
Desc: image004.png
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20210512/8d847f72/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 68 bytes
Desc: image005.png
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20210512/8d847f72/attachment-0007.png>

More information about the CITL mailing list