Hackers have recently targeted the University of Chicago, exposing the Social Security numbers and other personal data of students and employees in the Department of Medicine.
On Jan. 22, 2015, university officials learned that cyber criminals breached into the university’s Biological Sciences Division database through an external cyber-attack, stealing personal details of present and former staff and students. The stolen database contained Social Security numbers, names, marital status, usernames, gender information and employee identification numbers — along with some physical addresses and email addresses.
The university said no bank account information was included in the compromised database, though the stolen Social Security numbers present a high risk of identity theft for potential victims.
It is unclear exactly when the breach occurred, but in a letter published on February 19, 2015, Department of Medicine Chairman John Ultmann and Executive Administrator Kenneth Goodell, wrote to university students and staff, “we have corrected the vulnerability and taken steps to prevent this from occurring in the future.” The individuals said the institution pulled in forensics experts to “confirm the nature and scope of the unauthorized access.”
The university is also providing a year of free credit monitoring and identity theft protection to those potentially affected. The letter outlined steps for individuals to activate their accounts and take preventive actions against fraud attempts.
The letter also warned staff and students to watch for phishing. “A phishing email is designed to trick you into giving access to your system or your personal data. These emails will appear to come from people or websites you trust, like your employer, vendors, and bank or credit card companies,” the letter explained, emphasizing that individuals should not click on any suspicious links or attachments contained in questionable emails.
The letter also encouraged individuals to follow standard security procedures to report any suspicious activity.
The number of affected individuals in the data breach remains undisclosed.
This isn’t the first time the University of Chicago has suffered a massive breach. In another incident back in the fall of 2012, a mailing error led the school to expose the Social Security numbers of more than 9,100 employees. The school issued a postcard reminder to employees to re-enroll in school-offered health benefits, but accidentally printed employees’ Social Security numbers right below their addresses. The postcards were not in envelopes.
Following that incident, the school also offered a year of free credit monitoring to all potential victims of the breach.