X
Home Information Technology Services Security

Security Incident — July 14, 2021

 

The University of Memphis is committed to protecting the security and confidentiality of the information entrusted to us.

 

Am I affected?
We began notifying affected individuals on July 14, 2021. Affected individuals received notification at their current email address and mailing address listed in University records. 

What happened?
On June 7, 2021, the University received a report of inappropriate access being granted to a University laptop. Immediate steps were taken on June 7, 2021, to secure the laptop. An investigation was immediately launched to determine if any personally identifiable information may have been involved.

On June 9, 2021, the investigation determined that some confidential data for certain students were contained on the laptop and were accessible by the unauthorized user. The UofM has identified you as one of the students whose information was accessible.

When did it happen?
IT Security first became aware of a potential data exposure on June 7, 2021. Inappropriate access to the laptop was available to an unauthorized user for 40 minutes

Why wasn’t I contacted sooner?
The University of Memphis is committed to protecting the security and confidentiality of the information entrusted to us, and we worked hard to notify you as quickly as possible. After we found out about this incident, we promptly took steps to secure the laptop. We notified you as soon as we could once we determined the extent of the data involved. 

Why was I notified? 
The University is committed to protecting the security and confidentiality of the information entrusted to us, and we knew that affected individuals would want to know about this incident. There are also state and federal laws that require us to provide notification.

What information was involved?
Inappropriate access to the laptop was available to an unauthorized user for 40 minutes. The data included admission applications with names, addresses, date of birth, and social security numbers. The data were not encrypted.

What specific information of mine was affected?
The data included individual names, social security numbers, addresses, and telephone numbers. The data were not encrypted. We have no knowledge that your information has been misused in any way.

How many people were involved in the security breach?
There were a limited number of students whose confidential information were found in admissions applications on the laptop. Each student whose information was potentially at risk is receiving the formal notification of the incident with steps to protect your identify.

Have those affected people been notified?
Yes. We notified all individuals whose information may have been affected. 

Could there potentially be more people affected?
We’ve conducted a thorough investigation and have notified all individuals whose information may have been affected.

Does this mean I am the victim of identity theft?
We have no knowledge that any individual’s information has been misused in any way. However, as a precautionary measure and in order to help detect possible misuse of personal information, we recommend that affected individuals follow the steps included in the letter sent regarding the free membership in credit monitoring and identity theft protection services offered.

A copy of your credit report can be obtained, free of charge, directly from each of the three nationwide credit reporting companies. To order an annual free report please visit www.annualcreditreport.com, call toll free at 1-877-322-8228, or directly contact the three nationwide credit reporting companies:

Equifax
PO Box 740241
Atlanta, GA 30374
www.equifax.com
1-800-525-6285

Experian
PO Box 9554
Allen, TX 75013
www.experian.com
1-888-397-3742

TransUnion
PO Box 6790
Fullerton, CA 92834
www.transunion.com
1-800-680-7289

 

Are you providing credit monitoring services?
Yes. Even though we currently have no knowledge that any information has been misused in any way, as a precautionary measure and in order to help detect possible misuse of personal information, we are offering a free membership in credit monitoring and identity theft protection services to all affected individuals. For more information about these services and instructions on how to activate the membership, please follow the steps included in the notification letter. 

What should I do if my credit is compromised or there is fraudulent activity? Will I be responsible for the charges?
We currently have no knowledge that any information has been misused in any way. However, we urge individuals to sign up for the free credit protection services in order to identify any potentially fraudulent use of personal information. 

If you ever believe you have been the victim of identity theft or have reason to believe your information is being misused, we urge you to immediately contact the police and file a police report. Obtain a copy of the police report as you may need to provide copies of the report to creditors to clear up your records. You may also contact the Federal Trade Commission and the Attorney General’s Office in your state.

What are you doing in the future to protect the security of my information?
We are committed to protecting the security and confidentiality of University data, and we deeply regret any inconvenience this may cause you. We took immediate steps to secure personal information and to make sure it is no longer accessible to the unauthorized user. Additionally, employees have been reminded of policies and procedures designed to protect confidential information. Annual IT Security Awareness Training for employees is required and additional technologies are being reviewed to strengthen compliance with data security policies and guidelines.

How will I know if my information was used by someone else?
We currently have no knowledge that any information has been misused in any way. However, we encourage individuals to take advantage of the free credit protection services being offered and to be vigilant to the possibility of fraud and identity theft by reviewing credit reports and credit card, bank, and other financial statements for any unauthorized activity. Enrollment information for the free credit monitoring services is provided in the notification letter. 

How does someone obtain a free copy of his or her credit report?
To obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting companies, please visit www.annualcreditreport.com, call toll free at 1-877-322-8228, or directly contact the three nationwide credit reporting companies:

Equifax
PO Box 740241
Atlanta, GA 30374
www.equifax.com
1-800-525-6285

Experian
PO Box 9554
Allen, TX 75013
www.experian.com
1-888-397-3742

TransUnion
PO Box 6790
Fullerton, CA 92834
www.transunion.com
1-800-680-7289

 

I lost my activation code to enroll in the credit monitoring services. Who can help me?
Please call the University of Memphis Registrar’s Office at 901-678-2922.

I never received an activation code to enroll in the credit monitoring services.
The activation code was included in the letters mailed to eligible individuals whose information was affected. If you did not receive a letter, your information was not affected. If you misplaced your letter, please contact the University of Memphis Registrar’s Office at 901-678-2922.

Do you know if my information was accessed?
We currently have no knowledge that any individual’s information has been misused in any way. We are notifying all individuals whose information was present on the laptop as a precaution. 

Is my information still accessible?
We currently have no knowledge that any individual’s information has been misused in any way. Inappropriate access to the laptop was revoked on the same day it was discovered. We are notifying all individuals whose information was present on the laptop as a precaution. 

Who can I contact for assistance?
The University of Memphis takes this matter very seriously. In order to assist you with any questions you may have regarding this incident, the University has established a center specifically dedicated to answering your questions related to this incident. The University of Memphis Registrar's Office can be reached at 901-678-2922.

I’m having trouble signing up for credit monitoring services and/or I have additional questions about the credit monitoring services being offered. Who can help me?
Please contact the University of Memphis Registrar's Office at 901-678-2922.

Why was my letter sent from an address in Oregon?
In order to notify students regarding this incident as quickly as possible, the University is working with a mail processing vendor to mail your notification letter. The return address on your envelope is the return address for the mail processing vendor based in Oregon. 

I use another product to protect my identity. Will the University reimburse me?
Out of an abundance of caution, the University is offering individuals free membership of credit monitoring and identity theft protection services through TransUnion, as described in the notification letter. The University is not providing any other identity protection services nor compensating individuals for any other identity theft protection services purchased. We sincerely regret any inconvenience this incident may cause.