SCSU IT Security Incident
FREQUENTLY ASKED QUESTIONS REGARDING SCSU IT SECURITY BREACH
This website is in response to a security breach at Southern Connecticut State University that occurred between August 22, 2013, and August 29, 2013, that may potentially have exposed the Social Security numbers of 148 individuals to identity theft and other misuse of personally identifying information.
1. What happened?
An employee of Southern Connecticut State University Center for Communication Disorders misplaced a portable storage device with stored files containing Social Security numbers that may possibly have been susceptible to exposure between the period of August 22, 2013, and August 29, 2013. In total, 148 individual Social Security numbers may have been vulnerable to exposure, and all of these individuals are being notified by mail. Further, they are being offered up to two years of identity theft protection insurance at no cost to them.
Upon identification of the vulnerability, Southern Connecticut State University (SCSU) took steps to correct the problem, and is implementing additional safeguards and controls to protect the University’s information assets.
2. What information was exposed?
The exposed data involved people not connected to the university.
3. How many people were affected by the incident?
The files in question contain Social Security numbers for 148 individuals.
4. What actions did the university take?
Upon learning of this incident, the university immediately took a number of parallel steps to investigate and remediate the exposure. On August 30, the university asked the Connecticut State Colleges and Universities System Office in Hartford for a forensic analysis to try to determine if an exposure risk existed. Once it was determined that there was the possibility that some individuals’ Social Security numbers could have been exposed, SCSU President Mary Papazian instructed senior members of her staff to implement the Connecticut Board of Regents’ approved notification plan, which includes sending letters and additional information to potentially affected individuals, along with the offer of up to two years of identity theft protection insurance at no cost to the affected parties. In addition, a toll-free call center was established to assist concerned individuals who had received notification. Information regarding this incident has been posted on the university’s website.
5. Does the university have any indication that any person has suffered identity theft as a result of the incident?
At this time, the university has no evidence or reports that the files in question were inappropriately accessed or that the information was used for identity theft or another crime. The university will continue to monitor the situation carefully and has enhanced its internal review procedures to identify unusual activities.
6. What steps is the university taking to prevent future incidents?
All non-essential personally identifiable information, including Social Security numbers, has been eliminated.
7. Is the university offering any identity protection services to affected individuals?
Southern Connecticut State University is offering affected individuals two years of free identity protection services through a contract with AllClear ID, a company that provides extensive credit monitoring and related services. If your personal information was contained in the files in question, you will be receiving notification in a letter sent through the postal mail. We might also suggest you obtain copies of your credit report from all three national credit reporting agencies to ensure that your reports are accurate. Information on how to obtain a free copy of your reports can be found at www.annualcreditreport.com.
8. How do I know if I am affected?
The university has sent out notification letters to each individual whose Social Security number may have been exposed. If you have not received a notification letter from Southern Connecticut State University, you may properly assume that your Social Security number was not among those affected.
9. How can I get more information?
The University and AllClear ID have setup a hotline to answer any questions you may
have. You may reach the hotline by calling (877) 579-2262.