Massive security breach at US universities.

US universities have been affected by a major data breach.

A massive data breach has hit US Universities including Stanford University, University of California, University of Miami, University of Colorado Boulder, Yeshiva University, Syracuse University, and University of Maryland, Baltimore. Hackers have stolen terabytes of student, prospective student, and employee personal information including transcripts, financial info, mailing addresses, phone numbers, usernames, passwords and Social Security Numbers. These breaches are part of the larger Accellion FTA leak which has affected ~50 organizations. Students who applied to these colleges (or even have an account in the case of UC) are at risk of having their personal and financial information leaked publicly online including their Social Security Numbers. The hackers have sent emails to some victims. If you receive one of these emails, do not click the attached link unless you understand how to use Tor. The hackers are holding the universities at ransom. Unless the universities pay the ransom, the hackers will continue publishing student information.

Steps to take if you have been affected

1a. Change all of your passwords

While passwords are usually stored as hashes, it is still important to change your passwords after a data breach because poor security practices can allow for your password to be decoded using a Rainbow table.

1b. Enable Two Factor Authentication

If you want to stay super-safe, you can enable two factor authentication on your accounts. Two factor authentication secures your account by requiring a second form of authentication. For example, a phone app that generates a temporary security code that resets every 30 seconds or a smart card.

2. Check your bank statements

Check your bank statements to make sure that no unauthorized payments have been made. If you believe your card number has been exposed, ask your bank for a new card number.

3a. Check your credit report

If you believe that your Social Security Number has been compromised you can get a free credit report from each of the three credit bureaus (Equifax, Experian, and TransUnion).

3b. Freeze your credit

To prevent identity fraud, you can freeze your credit. Freezing your credit prevents anyone from opening new credit (e.g. a credit card) in your name. You must freeze your credit with all three credit bureaus. Freezing your credit on one will not freeze your credit on the other two.


Responses from universities are in bold.

Discussion Threads