Database breach e-mails

Tuesday, May 8, 2007 | 1:25 p.m. CDT; updated 8:34 p.m. CDT, Monday, July 21, 2008

Sent to those affected

-----Original Message-----

From: UM DoIT Computer Security

Sent: Tue 5/8/2007 9:46 AM

Subject: Urgent Computer Security Notice from the University

May 8, 2007

Dear University of Missouri Employee,

I am writing to you because on May 3 and May 4, 2007, a database containing the names and Social Security Numbers of certain current and former University staff was accessed by an unknown individual or individuals who gained unauthorized online access to a University computer system. Your name and Social Security Number were included in this disclosure.

We do not know the specific purpose behind this unauthorized access, but evidence indicates that the information was accessed intentionally. The University considers this a serious matter and has notified law enforcement authorities.

Although we have no reason to believe that an unauthorized person is using your personal information, because the database contained your Social Security Number you may want to take steps to avoid possible identity theft. This could include placing a fraud alert on your credit files to let creditors know to contact you before opening new accounts. You can do this by calling any one of the three credit reporting agencies listed below.

Experian 888-397-3742

Equifax 800-525-6285

TransUnion 800-680-7289

You may also wish to check your credit report. You can get a free copy of your credit report at or by calling 877-322-8228. When you receive your credit report, look it over carefully for accounts you did not open. Look for inquiries from creditors that you did not initiate and look for personal information, such as home address and Social Security Number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.

If you do find suspicious activity on your credit report, call your local police or sheriff's office and file a police report of identity theft. You should get a copy of the police report in case it is needed to give to creditors to clear up your records. You should also contact the Missouri Attorney General's Identity Theft Hotline at 800-392-8222 and file an Identity Theft Complaint Form with the Attorney General's Office.

Even if you do not find any signs of fraud on your reports, you may want to check your credit report every three months for the next year. You can find additional information on the Missouri Attorney General's website at, and on the Federal Trade Commission's website on identity theft at

We deeply regret that this occurred and are reviewing systems, applications, and procedures in an attempt to remove the possibility of an event of this nature recurring.

In order to answer any questions that you may have regarding this incident a special phone line, (573) 884-7222 or toll-free (866) 241-5619 has been activated and will be answered from 8 AM to 5 PM CST, Monday through Friday. Additional information about this security incident is available at


Gary K. Allen, DVM, PhD

Vice President for Information Technology, University of Missouri System

Chief Information Officer, University of Missouri-Columbia

225E University Hall, Columbia, Missouri 65211

Sent to all MU faculty and staff

-----Original Message-----

From: UM DoIT Computer Security

Sent: Tue 5/8/2007 10:03 AM


Subject: Information About May 2007 University Computer Security Incident

Dear University of Missouri Employee:

A University of Missouri database was breached beginning May 3, compromising more than 22,000 names and social security numbers. Those affected include employees of any campus within the UM system during calendar year 2004 who were also current or former students at the Columbia campus.

Of those employees affected, nearly 9,000 are still employed by the University of Missouri. These employees will receive an individual e-mail outlining the specifics of the incident along with detailed instructions about how to proceed. Emails to affected employees have already been sent. If you did not already receive a separate email, you are not one of the employees affected and no further action is required.

The University of Missouri is committed to protecting the confidentiality of all employee information. A recent project has been in progress to remove social security numbers from university databases in an effort to avoid such breaches of confidentiality. As this extensive process continues, please be advised the university is doing everything possible to ensure the safety of its data.

For more information about the security breach, please access the Computer Security Web page that includes a question-and-answer section regarding the event at

Like what you see here? Become a member.

Show Me the Errors (What's this?)

Report corrections or additions here. Leave comments below here.

You must be logged in to participate in the Show Me the Errors contest.


Leave a comment

Speak up and join the conversation! Make sure to follow the guidelines outlined below and register with our site. You must be logged in to comment. (Our full comment policy is here.)

  • Don't use obscene, profane or vulgar language.
  • Don't use language that makes personal attacks on fellow commenters or discriminates based on race, religion, gender or ethnicity.
  • Use your real first and last name when registering on the website. It will be published with every comment. (Read why we ask for that here.)
  • Don’t solicit or promote businesses.

We are not able to monitor every comment that comes through. If you see something objectionable, please click the "Report comment" link.

You must be logged in to comment.

Forget your password?

Don't have an account? Register here.