Several months ago, the University of Alaska (UA) became aware that an unknown hacker using an employee’s credentials gained access to UA data systems at the Mat-Su campus. An investigation of the incident found that while sensitive student data stored on a network drive was vulnerable, there was no evidence that data or student information was accessed or stolen.
Approximately 5,416 individual names and social security numbers were on the system that was compromised. For some individuals, educational records, such as transcripts, appeals forms and grant award amounts were present on the hard drive including addresses and phone numbers.
“There is no evidence that there has been any use or attempted use of information exposed in this incident,” said Karl Kowalski, the university’s chief technology officer. “The University of Alaska went through a rigorous and thorough forensics investigation to determine whose information was affected.”
Individuals whose personal data was vulnerable have received a letter from ID Experts explaining the nature of the breech and the actions the university has taken since then to protect them from identity theft or credit fraud. ID Experts is an Oregon-based company that specializes in data breach and recovery services.
Through ID Experts, the university is offering protections including:
- Identity Theft Protection Services
- An insurance policy for those affected that will reimburse them for any fraudulent expenditures resulting from the data breech.
- Complete access to their fraud resolution representatives. With this protection, ID Experts will help resolve issues if an individual’s identity is compromised.
Employees and students who receive a letter from ID Experts and who would like more information should call 1-888-849-1191. Those who did not receive a letter will know their data was not compromised in this incident.
The University of Alaska is committed to protecting individuals’ security and privacy, and takes this incident very seriously. In order to help prevent future situations, this fall, employees and faculty will be required to participate in Information Security Awareness training that will include education on the circumstances, which lead to this incident.