More than 53,000 people, who did business with the University of Hawaii at Manoa parking office’s data base from 1998-2009, are being notified by mail that they may be affected by a computer security breach.
The FBI and Honolulu Police Department are investigating the breach that was discovered on June 15 during a routine audit. University officials say the unauthorized access to a computer server used by the Manoa parking office occurred on May 30.
Affected are 53,000 records, which included 41,000 Social Security numbers and 200 credit card numbers.
To protect personal information from further unauthorized access, social security numbers are no longer used for parking transactions, and are being purged from all current and past parking office databases, the university said.
The university said the main group of affected people included faculty and staff members employed in 1998; anyone who had business with the parking office between Jan. 1, 1998 to June 30, and who purchased parking permits, including staff of the East-West Center, UH Foundation, and Research Corporation of the University of Hawaii; and any campus visitor who had a vehicle towed or appealed a parking citation.
UH Manoa has also posted a list of frequently asked questions and answers on a website http://www.hawaii.edu/idalert/ . The questions and answers are re-printed below:
1. What happened?
A routine audit conducted on June 15, 2010, discovered unauthorized access to a computer server used by the UH Manoa Parking Office had occurred on May 30, 2010.
2. Am I affected?
Approximately 53,000 records were stored in the database. Of this total, approximately 41,000 Social Security numbers and 200 credit card numbers were exposed. The database contained data on two main groups of individuals:
>>UH Manoa faculty and staff member employed in 1998.
>> Anyone who had business with the UH Manoa Parking Office between January 1, 1998, and June 30, 2009. This includes:
>> Anyone who purchased parking permits, including staff of the East-West Center, UH Foundation and Research Corporation of the University of Hawaii.
>>Any campus visitor who had a vehicle towed or appealed a parking citation.
3. What information was in the compromised database?
The database contained personal information, including names, Social Security numbers, addresses, driver’s license numbers, vehicle information, and credit card information. Information on other individuals included their UH identification numbers, which are not sensitive.
4. Has the data been misused?
At this time, UH Manoa has no evidence that personal information was actually accessed, but we also cannot determine with certainty that it was not accessed.
5. Is there an investigation into this incident?
A forensic computer expert has been retained to further investigate this matter. The Honolulu Police Department and FBI have been notified, and have been asked to investigate any potential criminal activity related to this incident.
6. What is the campus doing to prevent future security breaches?
Social Security numbers are no longer used for parking transactions, and are being purged from all current and historical Parking Office databases. Additional security measures being taken include strengthening internal automated network monitoring practices, and performing extensive evaluations of systems to identify other potential security risks.
7. How will affected individuals be notified?
Letters to affected individuals were mailed on Saturday and should be received starting today. In addition, an e-mail notice will be sent to affected individuals at their most recent e-mail address on record.
8. What should affected individuals know and do?
Carefully monitor your financial information and take protective measures against identity theft, which include:
>>Obtaining and carefully reviewing credit reports. Free credit reports from all three credit agencies may be obtained at http://www.annualcreditreport.com or by calling 877-322-8228.
>>Reviewing bank and credit card statements regularly, and looking for unusual or suspicious activities.
>>Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.
If your identity or account has been compromised, you may take actions such as requesting refunds, closing accounts, and placing your credit records in a state of fraud alert or freeze. Please know that we are making every effort to ensure that this incident does not recur.
9. If I did not receive a notification letter, does that mean my information was not in the compromised database?
Not necessarily. The campus has been collecting addresses of affected individuals, but not all addresses could be located predominantly visitors to the campus who either appealed parking citations or who had vehicles towed at UH Manoa between January 1, 1998, and June 30, 2009.
10. How can I get more information?
On weekdays between the hours of 8:00 a.m. to 4:30 p.m., call (808) 956-6000, or go to the webpage at http://www.hawaii.edu/idalert/. Updates will be posted as new information becomes available.