Sent to those affected
From: UM DoIT Computer Security
Sent: Tue 5/8/2007 9:46 AM
Subject: Urgent Computer Security Notice from the University
May 8, 2007
Dear University of Missouri Employee,
I am writing to you because on May 3 and May 4, 2007, a database containing the names and Social Security Numbers of certain current and former University staff was accessed by an unknown individual or individuals who gained unauthorized online access to a University computer system. Your name and Social Security Number were included in this disclosure.
We do not know the specific purpose behind this unauthorized access, but evidence indicates that the information was accessed intentionally. The University considers this a serious matter and has notified law enforcement authorities.
Although we have no reason to believe that an unauthorized person is using your personal information, because the database contained your Social Security Number you may want to take steps to avoid possible identity theft. This could include placing a fraud alert on your credit files to let creditors know to contact you before opening new accounts. You can do this by calling any one of the three credit reporting agencies listed below.
You may also wish to check your credit report. You can get a free copy of your credit report at www.annualcreditreport.com or by calling 877-322-8228. When you receive your credit report, look it over carefully for accounts you did not open. Look for inquiries from creditors that you did not initiate and look for personal information, such as home address and Social Security Number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.
If you do find suspicious activity on your credit report, call your local police or sheriff's office and file a police report of identity theft. You should get a copy of the police report in case it is needed to give to creditors to clear up your records. You should also contact the Missouri Attorney General's Identity Theft Hotline at 800-392-8222 and file an Identity Theft Complaint Form with the Attorney General's Office.
Even if you do not find any signs of fraud on your reports, you may want to check your credit report every three months for the next year. You can find additional information on the Missouri Attorney General's website at http://www.ago.mo.gov/publications/idtheft.htm, and on the Federal Trade Commission's website on identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft.
We deeply regret that this occurred and are reviewing systems, applications, and procedures in an attempt to remove the possibility of an event of this nature recurring.
In order to answer any questions that you may have regarding this incident a special phone line, (573) 884-7222 or toll-free (866) 241-5619 has been activated and will be answered from 8 AM to 5 PM CST, Monday through Friday. Additional information about this security incident is available at http://doit.missouri.edu/computersecurity.
Gary K. Allen, DVM, PhD
Vice President for Information Technology, University of Missouri System
Chief Information Officer, University of Missouri-Columbia
225E University Hall, Columbia, Missouri 65211
Sent to all MU faculty and staff
From: UM DoIT Computer Security
Sent: Tue 5/8/2007 10:03 AM
To: MU STAFF; MU FACULTY; UMHS; UM - ANNOUNCEMENT
Subject: Information About May 2007 University Computer Security Incident
Dear University of Missouri Employee:
A University of Missouri database was breached beginning May 3, compromising more than 22,000 names and social security numbers. Those affected include employees of any campus within the UM system during calendar year 2004 who were also current or former students at the Columbia campus.
Of those employees affected, nearly 9,000 are still employed by the University of Missouri. These employees will receive an individual e-mail outlining the specifics of the incident along with detailed instructions about how to proceed. Emails to affected employees have already been sent. If you did not already receive a separate email, you are not one of the employees affected and no further action is required.
The University of Missouri is committed to protecting the confidentiality of all employee information. A recent project has been in progress to remove social security numbers from university databases in an effort to avoid such breaches of confidentiality. As this extensive process continues, please be advised the university is doing everything possible to ensure the safety of its data.
For more information about the security breach, please access the Computer Security Web page that includes a question-and-answer section regarding the event at http://doit.missouri.edu/computersecurity.