University of California Irvine students are hit with mysterious breach
Technorati Tag: Security Breach
Date Reported:
4/4/08
UPDATED on 7/14/08:
"IRVINE, Calif. (CBS) ― A Texas man suspected of stealing the personal information of UC Irvine medical and graduate students and using it to file false income tax returns and collect refunds was behind bars today, a school official said.", source: CBS Channel 2 News
Organization:
University of California
Contractor/Consultant/Branch:
University of California, Irvine (UCI)
Victims:
"current and former UCI graduate students and medical students"
Number Affected:
"more than 100 identified victims at UCI"
Types of Data:
Tax information
Breach Description:
"April 9 Update: UC Irvine has received more than 100 reports that Social Security numbers have been stolen and used to file fraudulent tax returns to gain refunds."
Reference URL:
University of California, Irvine Identity Theft Alert
Orange County Register
Report Credit:
University of California, Irvine
Response:
From the online sources cited above:
UC Irvine police say 7,000 current or former graduate students could be at risk of identity thieves who already used stolen data to file fake tax returns
Victims are identified as current and former UCI graduate students and medical students.
In most cases, the students have discovered the issue when they electronically submit their federal income tax returns and the Internal Revenue Service informs them that someone has already filed using their name and Social Security number.
[Evan] Wow! This is a shocking way of finding out that you are a victim.
Police said Friday they don't know how the information was stolen or who is using it.
[Evan] This is almost equally as alarming. How do you plug a hole if you don't know where it is or if it's even still leaking?
UCIPD sent out a campuswide crime alert March 20 describing the situation and advising students to contact campus police, at or (after hours/weekends) , if they have any information or believe they have been a victim.
To date, an extensive investigation by the university has not identified a security breach on campus.
Extensive full-time resources have been dedicated to the investigation. UC Irvine Police Department, Network & Academic Computing Services, Administrative Computing Services and campus administrative staff have been conducting a thorough investigation.
The only victims of whom UCI is aware are graduate and medical students who were enrolled during the 2006-07 academic year and had GSHIP (Graduate Student Health Insurance Program) insurance.
[Evan] This is a localized group of people, so you would think that this would narrow the source down some.
Students who fall into that category can call the IRS at 1-.
"For the last two weeks, we have been scouring all of our databases and computer systems, but we have not found any leak here" on campus, UCI Police Chief Paul Henisey said.
The thefts appear to be part of a larger national case being investigated by the Internal Revenue Service, Henisey said. IRS agents have been on campus as part of the inquiry, he said. Henisey said the trail leads out of state, but would not comment further to avoid jeopardizing the case.
[Evan] It is good news that the IRS is working with the case too. I think it is going to take a sound investigation by the IRS to track this down.
Local and federal agencies stand ready to help. File crime reports with:
• UCI Police Department,
• IRS, 1-
• Social Security Administration, 1-
• Federal Trade Commission Identity Theft Hotline, 1-
• Credit reporting agencies (see above)
Students also may wish to call the IRS’ Taxpayer Advocate office, 1-.
The IRS has instructed that after the students have filed a crime report with the UC Irvine Police Department, they should complete a paper copy of their tax return, include a note as to what happened that provides the UCI Police Department report (DR) number, and mail the paper return to the IRS’ Fresno office.
The IRS has reported a significant number of identity theft crimes occurring nationwide, and it is possible that UC Irvine is the victim of one of those criminal enterprises.
the university’s financial aid office is arranging emergency loans in appropriate amounts for current students who face financial hardship by the delay in receiving their income tax refund
[Evan] This seems like really good judgment on the part of the school.
Ensuring data security is one of the most important responsibilities we have to the campus community and a top priority. We continually work to strengthen our information security practices.
[Evan] I really like this statement. The key concepts in this statement that grab my attention are "top priority" and "continually work to strengthen". I couldn't agree more.
Student Reaction:
Graduate student Stephanie Casey said she didn't know if her identity was stolen, but she's disturbed that the campus has not been telling students to call the credit agencies and put fraud alerts on their accounts.
[Evan] This statement must have been made without the knowledge that the school has informed students and urged them to call credit agencies.
"All these students don't know how serious it is that their names were sold," Casey said. "UCI is trying to keep it out of the press because it looks horrible for them, but either (an employee) did this or someone they contracted with did this, and they don't want to create mass panic, but this is the kind of thing you should be panicked about."
[Evan] I included these remarks because I do agree that this seems like an inside job based on the limited information we know.
Henisey said outside contractors are being examined as a possible source for the leak, possibly including those involved with health insurance, employment and unions.
UCI appears to be the only campus in the UC system or in Orange County that is having the problem, Henisey said.
Commentary:
This breach is unnerving in the fact that nobody seems to know how it occurred or is occurring. Victims probably feel helpless and authorities are limited in what they can do to help. All in all, it seems like the school, police and other investigators have done a good job in identifying the problem and responding to it. This has to be a significant challenge for them.
Past Breaches:
Unknown
Date Reported:4/4/08
UPDATED on 7/14/08:
"IRVINE, Calif. (CBS) ― A Texas man suspected of stealing the personal information of UC Irvine medical and graduate students and using it to file false income tax returns and collect refunds was behind bars today, a school official said.", source: CBS Channel 2 News
Organization:
University of California
Contractor/Consultant/Branch:
University of California, Irvine (UCI)
Victims:
"current and former UCI graduate students and medical students"
Number Affected:
"more than 100 identified victims at UCI"
Types of Data:
Tax information
Breach Description:
"April 9 Update: UC Irvine has received more than 100 reports that Social Security numbers have been stolen and used to file fraudulent tax returns to gain refunds."
Reference URL:
University of California, Irvine Identity Theft Alert
Orange County Register
Report Credit:
University of California, Irvine
Response:
From the online sources cited above:
UC Irvine police say 7,000 current or former graduate students could be at risk of identity thieves who already used stolen data to file fake tax returns
Victims are identified as current and former UCI graduate students and medical students.
In most cases, the students have discovered the issue when they electronically submit their federal income tax returns and the Internal Revenue Service informs them that someone has already filed using their name and Social Security number.
[Evan] Wow! This is a shocking way of finding out that you are a victim.
Police said Friday they don't know how the information was stolen or who is using it.
[Evan] This is almost equally as alarming. How do you plug a hole if you don't know where it is or if it's even still leaking?
UCIPD sent out a campuswide crime alert March 20 describing the situation and advising students to contact campus police, at or (after hours/weekends) , if they have any information or believe they have been a victim.
To date, an extensive investigation by the university has not identified a security breach on campus.
Extensive full-time resources have been dedicated to the investigation. UC Irvine Police Department, Network & Academic Computing Services, Administrative Computing Services and campus administrative staff have been conducting a thorough investigation.
The only victims of whom UCI is aware are graduate and medical students who were enrolled during the 2006-07 academic year and had GSHIP (Graduate Student Health Insurance Program) insurance.
[Evan] This is a localized group of people, so you would think that this would narrow the source down some.
Students who fall into that category can call the IRS at 1-.
"For the last two weeks, we have been scouring all of our databases and computer systems, but we have not found any leak here" on campus, UCI Police Chief Paul Henisey said.
The thefts appear to be part of a larger national case being investigated by the Internal Revenue Service, Henisey said. IRS agents have been on campus as part of the inquiry, he said. Henisey said the trail leads out of state, but would not comment further to avoid jeopardizing the case.
[Evan] It is good news that the IRS is working with the case too. I think it is going to take a sound investigation by the IRS to track this down.
Local and federal agencies stand ready to help. File crime reports with:
• UCI Police Department,
• IRS, 1-
• Social Security Administration, 1-
• Federal Trade Commission Identity Theft Hotline, 1-
• Credit reporting agencies (see above)
Students also may wish to call the IRS’ Taxpayer Advocate office, 1-.
The IRS has instructed that after the students have filed a crime report with the UC Irvine Police Department, they should complete a paper copy of their tax return, include a note as to what happened that provides the UCI Police Department report (DR) number, and mail the paper return to the IRS’ Fresno office.
The IRS has reported a significant number of identity theft crimes occurring nationwide, and it is possible that UC Irvine is the victim of one of those criminal enterprises.
the university’s financial aid office is arranging emergency loans in appropriate amounts for current students who face financial hardship by the delay in receiving their income tax refund
[Evan] This seems like really good judgment on the part of the school.
Ensuring data security is one of the most important responsibilities we have to the campus community and a top priority. We continually work to strengthen our information security practices.
[Evan] I really like this statement. The key concepts in this statement that grab my attention are "top priority" and "continually work to strengthen". I couldn't agree more.
Student Reaction:
Graduate student Stephanie Casey said she didn't know if her identity was stolen, but she's disturbed that the campus has not been telling students to call the credit agencies and put fraud alerts on their accounts.
[Evan] This statement must have been made without the knowledge that the school has informed students and urged them to call credit agencies.
"All these students don't know how serious it is that their names were sold," Casey said. "UCI is trying to keep it out of the press because it looks horrible for them, but either (an employee) did this or someone they contracted with did this, and they don't want to create mass panic, but this is the kind of thing you should be panicked about."
[Evan] I included these remarks because I do agree that this seems like an inside job based on the limited information we know.
Henisey said outside contractors are being examined as a possible source for the leak, possibly including those involved with health insurance, employment and unions.
UCI appears to be the only campus in the UC system or in Orange County that is having the problem, Henisey said.
Commentary:
This breach is unnerving in the fact that nobody seems to know how it occurred or is occurring. Victims probably feel helpless and authorities are limited in what they can do to help. All in all, it seems like the school, police and other investigators have done a good job in identifying the problem and responding to it. This has to be a significant challenge for them.
Past Breaches:
Unknown
Posts Atom 1.0
COURT GRANTS FINAL APPROVAL TO SETTLEMENT. UCI Students who are part of the United Healthcare Identity Theft Class Action will be paid money by December 31, 2010. Contact www.lakeshorelaw.org for further details.
Reply to this