Campus Forum: Protecting Your Identity in Light of the Accellion Security Incident at the UC Office of the President
-On December 24, 2020, UC’s Accellion File Transfer Appliance (FTA) was the target of an international attack.
-UC data was accessed without authorization and some of this data was posted on the Internet.
-The impacted information may include:
-Names, addresses, telephone numbers, SSNs, driver’s license and passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information.
-The potentially affected population includes:
-Employees (current and former including retirees as well as dependents and beneficiaries)
-Students
-Others who have participated in UC programs
-The University values privacy and security and is enhancing the safeguards and protections of its information and systems.
-The University has decommissioned the Accellion FTA and is in the process of transitioning to a more secure solution.
-The University is cooperating with the FBI and working with external cybersecurity experts to investigate this matter and determine what happened, what data was impacted and to whom the data belongs.
-Within the next 45 to 60 days, UCOP expects to send appropriate individual notifications to those people whose personal information was impacted and whose current contact details are available to the University.
Starting today, Experian will send emails, on behalf of the University, directly to a broad set of community members whose information may be affected. The emails contain updated information about what happened, the response, and available credit protection services. In addition, the University has a website - ucal.us/datasecurity - that provides FAQs, contact information for Experian, etc.
Questions not answered on these sites can be directed to communications@ucop.edu.
For Questions Related to the Experian Services
Experian has set up a dedicated call center available toll free in the U.S. at (866) 904-6220.
M-F 6 a.m. to 8 p.m. PT and from 8 a.m. to 5 p.m. PT Saturday and Sunday.
You can:
-Sign up for Experian Credit Monitoring and Identity Protection
-You, spouse, minor children
-Adult children, beneficiaries
-Students: have parents sign up as well
-Consider placing a fraud alert on your credit file (consider a Credit Freeze if you are not actively using your credit)
-Enable two-factor authentication on all personal financial or social media accounts
-Consider installing and use LastPass password manager available to all UCLA faculty, staff and students at no cost.
-Examine alerts and monitor accounts
-A “Fraud Alert” ensures that banks, credit card companies and other lenders notify you and confirm your identity before issuing credit or loans.
-To place a fraud alert on your credit report, you must contact one of three credit bureaus below and the other two credit bureaus will automatically add the fraud alert.
-A “Credit Freeze” is a tool that you can use to prevent unauthorized individuals from taking out a loan or credit card in your name. It “freezes” access to your credit report, which lenders require before issuing funds.
-To place a security freeze on your credit report, you must contact all three of the credit bureaus.
-Equifax: https://www.equifax.com/personal/ (1-800-685-1111 / 1-800-349-9960)
-Transunion: https://www.transunion.com (1-888-909-8872)
-Experian: https://www.experian.com (1-888-397-3742)
First of all, don’t panic if you get an alert.
-Not all data creates the same level of risk.
-Follow the recommendations provided by Experian
-If you are not clear on what actions to take, visit the FAQ at ucal.us/datasecurity that explains all of the Experian notification alerts or contact Experian’s Customer Care.
-Attackers may pretend to be the IRS and FBI agents (or other government officials). Government Officials likely will not contact you via phone or email. They will send a letter or show up in person.
-If the attackers pretend to be customer service representatives, offer to call them back from the official number on their website. Ask for an employee ID and any other incident ID. Do not call any phone number that they provide you.
-If you receive a scam email or phone call, notify your campus security (security@ucla.edu) that this attempt happened and share it with others in your department or community.
Financial Accounts
Anytime your personal information is compromised you should consider how that information can be used. Even if your SSN or banking information was not compromised you should consider some additional steps to protect your financial accounts.
-Bank/Investment Accounts — notify your bank and ask them to set heightened restrictions on any transfers from the account.
-SSA — You can set up a MySocialSecurity Account and set up ‘Extra Security’.
-IRS — You can get an Identity Protection PIN. This PIN will be required to submit a return and prevents someone from filing a tax return under your name.
-Cellphone providers — most cell phone providers have a feature called porting protection which prevents someone from taking over your cell number. You might also consider SPAM call blocking services.
-Credit report — Normally, you can get a free copy of your credit report from each bureau once every 12 months at AnnualCreditReport.com. Through April 2022, however, you can request a free copy of your credit report every week.
Identity Theft Is A Crime
If you ever suspect that you are the victim of identity theft or fraud, you can contact your local police, the UCPD, or visit www.identitytheft.gov.
-File a police report, and ask for a copy of the report, for your records.
-If you signed up for Experian services, you should contact them to start the restoration services.
-File a complaint with the Federal Trade Commission. (https://www.identitytheft.gov/)
-File a complaint with your state Attorney General.
-Keep detailed records.
-Retain originals of supporting documentation, such as police reports and letters to and from creditors. When requested to produce supporting documentation, send copies.
-Keep old files, even if you believe the problem is resolved.
You can:
-Enroll in Experian’s Credit Monitoring and Identity Protection.
-Employees, retirees, spouse, minor children
-Adult children, dependents, beneficiaries
-Students: have parents sign up as well
NOTE - All adults (18 and over) must sign up on their own. Minors can be added to their parents’ accounts.
-Place a fraud alert or freeze on your credit file
-Enable two factor authentications on your personal accounts
-Use a password manager
-Investigate the alerts received from Experian and monitor your accounts
To report a scam or other security incident, email: security@ucla.edu
To sign up for LastPass Premium - https://www.ociso.ucla.edu/services/lastpass