UNF investigates Housing data breach

A recent database breach, discovered June 18 by UNF’s Information Technology department, involved sensitive student information and has affected more than 23,000 students.

The unlawful access involved 23,246 names and Social Security numbers of students who submitted contracts to live on campus between 1997 and spring 2011, said Sharon Ashton, assistant vice president for public relations.

UPD, along with the housing and IT departments, is investigating the incident.

“It’s not clear to us if anything was stolen or copied,” Ashton said. “We just can’t see any evidence.”

To help protect identity, UNF is affording a one-year membership to Experian’s ProtectMyID Alert to students whose names were in the database, Ashton said. This product helps detect identity theft and misuse of personal information and focuses on immediate detection and resolution of possible theft.

IT was first alerted to the possibility of a problem, said Jeff Durfee, director of IT security.

It began an investigation, immediately secured the server and began an incident response, Durfee said. He said the servers were secured through a process of gathering business requirements, assessing the risk, then working to remediate those risks.

Durfee said the old server has since been shut down, and the information moved to a new server.

“We are always evaluating the latest advances made by attackers and coming up with ways to minimize the risks associated with those methods,” Durfee said.

The investigation shows information may have been accessed as early as spring 2011.

The university uses technical controls, such as firewalls, intrusion prevention systems and other traffic control mechanisms, Durfee said. All servers are configured to address various risks that come with having a computer exposed to the Internet.

The student and international affairs department sent emails to students who were involved, Ashton said, and have been attempting to contact remaining students using traditional mail.

The U.S. Post Office letters and the emails were sent out from Dr. Mauricio Gonzalez, vice president of student and international affairs.

Ashton said pulling a list of 23,000 emails and addresses was a joint effort between various offices, but as of June 29 UNF has been unable to contact everyone.

“We didn’t have email addresses for everyone,” Ashton said. “Some students haven’t even been notified yet.”

Students who want to protect their identity through the ProtectMyID Alert service must enroll before Sept. 30 to activate their free one-year membership.

Ashton said the free memberships will cost the university around $80,000.

The free membership includes a copy of your credit report, immediate alerts and credit monitoring with up to $1 million in identity theft insurance.

The Federal Trade Commission recommends students check their credit report periodically, as identity theft can occur weeks, months or even years after a data breach.

The letter urges students to take the initiative because the national credit bureau doesn’t permit UNF to act on students’ behalf regarding credit data.