UR urges campus community to take precautions after data breach

Rush Rhees library at the University of Rochester river campus.

An unknown number of members of the University of Rochester campus community might have had their personal information revealed during a data breach, university officials say.

UR is one of some 2,500 organizations around the globe affected by the cybersecurity attack.

“Our University IT staff is working closely with the FBI and an outside data forensic firm to determine what information was compromised and what possible actions need to be taken,” university officials said in a statement to members of the campus community late last week.

“At this time, we believe faculty, staff, and students could be impacted, but we do not yet know the full scope of the impact to University community members or which personal data was accessed, as the investigation is ongoing,” the statement read.

The data breach “resulted from a software vulnerability in a product provided by a third-party file transfer company,” UR officials said.

Such events are becoming increasingly common, with painful consequences for some of those affected.

The Identity Theft Resource Center's 2022 Data Breach Report counted 1,802 data breaches last year worldwide affecting the data of many tens of millions of individuals.

And Experian, one of the three major credit-rating agencies, reported last autumn on U.S. government statistics showing there were 5.8 million instances of fraud complaints in 2021, up nearly one-fifth from the year before. Financial losses jumped 77 percent to $6.1 billion and consumer identity theft complaints totaled about 1.43 million.

The university pledged updates on the latest data breach’s impact as they become available.

What UR students, faculty and staff should do to protect their data

UR is recommending students, faculty and employees, and those in their families, take these steps:

  • Changing passwords.

  • Ensuring passwords are strong (use of non-letter characters and avoiding names and terms that might be guessed easily).

  • Using two-factor or multi-factor authentication (such as arranging to receive a code by text in addition to typing in your password).

  • Checking credit card records for unauthorized activity.

  • Checking with your bank or credit union to ensure money is not being withdrawn.

“If you notice any suspicious activity, please contact your financial institution and credit monitoring agencies right away,” the UR statement said.

The Federal Trade Commission offers advice for persons who have been beset by identity theft, a possible occurrence when there is a data breach. The potential damage to one’s finances and credit score is considerable; identity thieves might apply for unemployment benefits in your name or use your health insurance to get medical care or open a new credit card in your name or even drain your bank account, the FTC warns.

If your identity is stolen, what to do

Among steps to consider are calling the fraud department of any company or retailer where you see fraud caused by identity theft has occurred. Ask them to close or freeze your account, the FTC suggests. And persons affected should change all logins, passwords and PINs associated with such accounts.

In addition, the FTC recommends asking one of the three credit-rating bureaus to grant a free, one-year fraud alert, which would make it more difficult for others to open accounts in your name. How to reach the bureaus:

Experian: www.Experian.com/help or call 888-EXPERIAN (888-397-3742)

TransUnion: TransUnion.com/credit-help or call 888-909-8872

Equifax: Equifax.com/personal/credit-report-services or call 800-685-1111

Persons facing identity theft may also report the situation to the FTC, through this online form or by calling 1-877-438-4338.

Learn more at identitytheft.gov.

Where UR students, staff can find more information

The University of Rochester invites students with questions to contact the university IT student help desk by either email (univithelp@rochester.edu) or telephone (585-275-2000).

Employees, including both staff and faculty, may reach out with questions to the UR Office of Human Resources help desk by either email (ask-urhr@rochester.edu ) or telephone (585-275-8747).

This article originally appeared on Rochester Democrat and Chronicle: UR data breach: Personal info of campus community potentially compromised