On Wednesday night, The Diamondback broke a story which has jolted the entire UMD community.
On Tuesday morning between 4 and 5 a.m., the social security numbers, university ID numbers, names and birth dates of over 309,000 students and staff was accessed by an unknown source.
The university’s systems first detected a problem around 8 a.m.
Why is this such a big issue?
Unlike credit cards, it’s very difficult to replace Social Security numbers. The Social Security Administration requires you to report identity theft with the FTC as well as through an Internet complaint form, which can take a long time to process.
Every private business and government agency that you’ve ever dealt with, will have records of your old SSN and it’ll become a big hassle to deal with those entities if your new SSN number isn’t registered to your credit history OR if those businesses and agencies don’t have your new SSN to begin with.
What can I do?
Monitor all of your financial, credit card, health care, tax records. Make sure everything is normal. If it is not, then it’s very likely that you are a victim of identity fraud.
What is UMD doing to help students who may be affected?
The University will be offering a full year of credit monitoring. They have also set up a hot line (301-405-4440) and an email address (firstname.lastname@example.org) to help with any questions anyone has.
How do I find out if I was affected?
According to Reddit user xenonscreams:
So I called that hotline number (which redirected to the IT Help Desk haha) and the lady who answered said the investigative panel is working on compiling the names and that on the website at some point, there will be a tool where you will be able to enter your name and see if you are affected by the breach.
She did not know if every single person was affected for sure, but at least we’ll have definitive answers in the future.
Here’s the reaction from Twitter –
— Robert Vesco (@robertvesco) February 21, 2014
Question I asked professor: Would the #UMD data breach be prevented if they have their data stored on the cloud & not on their data center?
— Mohammed مُحمَّد (@maltaee) February 20, 2014
Less than 24 hours after the UMD data breach a slimy vendor tried to sell me "security" consultant based upon that. Thanks @janusassociates
— Hunterely (@hunterely) February 20, 2014
Thousands of UMD students social security numbers are in someone else's hands. That's a reason to be happy if you didn't get accepted.
— Wally (@Nick_Dunnn) February 20, 2014
Since UMD can't even protect our social security #'s can they do away with these bum ass internet login passwords
— Byrie Kurving (@B__Hunt) February 20, 2014
“309,079 UMD Social Security numbers compromised in massive cyberattack” Now I know how Spongebob felt when he thought he lost his identity
— Seun Lajubutu (@das_Butu) February 20, 2014
This week the University of Maryland lost its bid for the Corcoran Gallery AND had 300,000 social security numbers hacked. #VH1BestWeekEver
— Chris M Todd (@IamChrisTodd) February 21, 2014
Damn. Univeristy of Maryland's database was hacked and over 300,000 records were stolen. Including Social Security numbers. Yikes😟
— Jason Louwagie (@JLouwagie14) February 21, 2014
And the winner for best tweet goes to……
I was debating if I should put in my wifi password now that UMD has #LohSecurity
— D Weezy (@Thirst_D) February 20, 2014
UPDATE – Brian Ross, VP of IT at UMD, has provided students with an update on the situation via email:
To help protect your identity, we are offering a free, one-year membership of Experian’s ProtectMyID Alert. This product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft.
Effective immediately, operators at Experian are standing by at 1-866-274-3891 (Monday-Friday 9:00 am-9:00 pm EST and Saturday-Sunday 11:00 am-8:00 pm EST) to answer general questions or concerns regarding this matter. Starting on Tuesday, February 25 at 9:00 am EST, you can call them directly to determine if your records were compromised and to register for your free year of credit protection. You must activate this service by 11:59 pm EST on May 31, 2014.