Updated April 27, 2021

We continue to add to and update our list of frequently asked questions and answers as more information becomes available.

You may register with Experian IdentityWorks for credit monitoring services, using the enrollment code JCZGTC333.

If you have already registered, there is no need to take any further action to activate your monitoring. 

On December 24, 2020, Accellion’s file transfer appliance (FTA) was the target of an international attack, where perpetrators exploited a vulnerability in the application and attacked over 100 organizations including universities, government agencies and private companies. In connection with the attack, certain University data was accessed without authorization. We identified on March 29, 2021, that some of this data was posted on the Internet.

The University values privacy and security and is enhancing the safeguards and protections of its information and systems. The University has decommissioned the Accellion FTA and is transitioning to a more secure solution. The University is cooperating with the FBI and working with external cybersecurity experts to investigate this matter and determine what happened, what data was impacted and to whom the data belongs.

While the investigation is ongoing, evidence shows that an unauthorized party gained access to files that contain personal information belonging to members of the University community, including employees and their dependents, retirees and beneficiaries, donors and current and prospective students.

The University is working to identify the community members whose personal information was impacted and their contact information. These investigations take time, and we are working deliberately while providing accurate information as quickly as we can. Within the next 45 to 60 days, we expect to send appropriate individual notifications to those people whose personal information was impacted and whose current contact details are available to the University.

The impacted information may include full names, addresses, telephone numbers, Social Security numbers, driver’s license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information.

The University is working to identify the community members whose personal information was impacted and their contact information. These investigations take time, and we are working deliberately, while taking care to provide accurate information as quickly as we can. Within the next 45 to 60 days, we expect to have the information we need to send individual notifications to those whose current contact information is available to the University.

The University is offering free monitoring and identity theft protection services; sign up with Experian IdentityWorks (enrollment code: JCZGTC333).

We ask that University community members remain vigilant against threats of identity theft or fraud.  Additionally, it is always a good idea to be on alert for “phishing” emails or phone calls by someone who acts like they know you or are part of a company that you may do business with, and requests sensitive information, such as passwords, Social Security numbers or financial account information. You may report suspected phishing or social engineering attempts to communications@ucop.edu.

We also recommend that you use multifactor authentication for your online accounts when offered.

INFORMATION ON OBTAINING A FREE CREDIT REPORT

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit reports, visit www.annualcreditreport.com or call toll-free (877) 726-1014.

INFORMATION ON IMPLEMENTING A FRAUD ALERT OR SECURITY FREEZE

You can contact the three major credit bureaus at the addresses below to place a free, year-long fraud alert on your credit report. A fraud alert indicates to anyone requesting your credit file that you suspect you are a possible victim of fraud. A fraud alert does not affect your ability to get a loan or credit. Instead, it alerts a business that your personal information might have been compromised and requires that business to verify your identity before issuing you credit. Although this may cause some short delay if you are the one applying for the credit, it might protect against someone else obtaining credit in your name.

In addition to a fraud alert, you may consider placing a free security freeze on your credit report.  A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing or other services. A credit reporting agency may not charge you to place, temporarily lift or permanently remove a security freeze. 

To place a fraud alert on your credit report, you must contact one of three credit bureaus below and the other two credit bureaus will automatically add the fraud alert. To place a security freeze on your credit report, you must contact all three of the credit bureaus below.

 

Equifax:

Consumer Fraud Division

P.O. Box 740256

Atlanta, GA 30374

(888) 766-0008

www.equifax.com

Experian:

Credit Fraud Center

P.O. Box 9554

Allen, TX 75013

(888) 397-3742

www.experian.com

TransUnion:

TransUnion LLC

P.O. Box 2000

Chester, PA 19022-2000

(800) 680-7289

www.transunion.com

To request a security freeze, you will need to provide the following information:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security Number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, the addresses where you have lived over those prior five years;
  5. Proof of current address such as a current utility bill or telephone bill; and
  6. A legible photocopy of a government-issued identification card (state driver license or ID card, military identification, etc.). 

You may also contact the U.S. Federal Trade Commission (“FTC”) for further information on fraud alerts, security freezes and how to protect yourself from identity theft. The FTC can be contacted at 400 7th St. SW, Washington, D.C. 20024; telephone (877) 382-4357; or www.consumer.gov/idtheft.

You may obtain information from the FTC and the credit reporting agencies listed above about placing a fraud alert and/or credit freeze on your credit report.

Within the next 45 to 60 days, we expect to send appropriate individual notifications to those people whose personal information was impacted and whose current contact details are available to the University. These investigations take time, and we are working deliberately, while taking care to provide accurate information as quickly as we can. 

Yes. Because protecting the UC member community is a high priority, the University promptly arranged for free credit monitoring and identity theft protection services for the entire University community; sign up with Experian IdentityWorks (enrollment code: JCZGTC333). The University also notified the community via email and posted a notice to its websites. Certain campuses also hosted interactive workshops.

The University has arranged for free credit monitoring and identity theft protection services for the entire University community through Experian IdentityWorks (enrollment code: JCZGTC333): 

If you have received an Experian notice, that is evidence the monitoring service is working. The Experian member portal offers information about what you can do to protect yourself. 

Experian advises people to take different steps, depending on what kind of information was exposed:

  1. My email address is compromised; what should I do next?
  2. My phone number was compromised; what should I do next?
  3. My Social Security Number (SSN) was compromised; what should I do next?
  4. My driver's license was compromised; what should I do next?
  5. My medical ID was compromised; what should I do next?
  6. My debit, credit or retail card was compromised; what should I do next?
  7. My passport was compromised; what should I do next?
  8. My bank account was compromised; what should I do next?
  9. My international bank account number (IBAN) was compromised; what should I do next?
  10. My National ID number was compromised; what should I do next?
  11. I received a breached company name in my Experian Internet Surveillance notification.
  12. A new inquiry alert was detected; what should I do next?
  13. A new account or new trade alert was detected; what should I do next?
  14. I don't recognize the company in my credit alert.
  15. I applied for credit, but have not received an alert.
  16. Why did I receive more than one alert for the same loan application?
a. My email address is compromised; what should I do next?
  • Consider changing the password to your email and to any other accounts that use your email address as a username. Use a strong password and avoid reusing passwords across multiple sites.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on your bank and credit card accounts for unfamiliar transactions.
b. My phone number was compromised; what should I do next?
  • Watch for suspicious calls and contact your phone provider if these noticeably increase.
  • Add your name to the national Do Not Call list.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on your bank and credit card accounts for unfamiliar transactions.

c. My SSN was compromised, what should I do next?

You may call Experian at (888) 397 3742. We request that University community members remain vigilant against threats of identity theft or fraud. Additionally, it is always a good idea to be alert for “phishing” emails or phone calls by someone who acts like they know you or are a company that you may do business with, and requests sensitive information, such as passwords, Social Security numbers or financial account information. You may report suspected phishing or social engineering attempts to communications@ucop.edu. We also recommend that you use multifactor authentication for your online accounts when offered.        

INFORMATION ON OBTAINING A FREE CREDIT REPORT

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit reports, visit www.annualcreditreport.com or call toll-free (877) 726-1014.

INFORMATION ON IMPLEMENTING A FRAUD ALERT OR SECURITY FREEZE

You can contact the three major credit bureaus at the addresses below to place a fraud alert on your credit report. A fraud alert indicates to anyone requesting your credit file that you suspect you are a possible victim of fraud. A fraud alert does not affect your ability to get a loan or credit. Instead, it alerts a business that your personal information might have been compromised and requires that business to verify your identity before issuing you credit. Although this may cause some short delay if you are the one applying for the credit, it might protect against someone else obtaining credit in your name.

In addition to a fraud alert, you may consider placing a security freeze on your credit report.  A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing or other services. A credit reporting agency may not charge you to place, temporarily lift or permanently remove a security freeze.

To place a fraud alert on your credit report, you must contact one of three credit bureaus below and the other two credit bureaus will automatically add the fraud alert. To place a security freeze on your credit report, you must contact all three of the credit bureaus below.

Equifax:

Consumer Fraud Division

P.O. Box 740256

Atlanta, GA 30374

(888) 766-0008

www.equifax.com

Experian:

Credit Fraud Center

P.O. Box 9554

Allen, TX 75013

(888) 397-3742

www.experian.com

TransUnion:

TransUnion LLC

P.O. Box 2000

Chester, PA 19022-2000

(800) 680-7289

www.transunion.com

To request a security freeze, you will need to provide the following information:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security Number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, the addresses where you have lived over those prior five years;
  5. Proof of current address such as a current utility bill or telephone bill; and
  6. A legible photocopy of a government-issued identification card (state driver license or ID card, military identification, etc.).

You may also contact the U.S. Federal Trade Commission (“FTC”) for further information on fraud alerts, security freezes and how to protect yourself from identity theft. The FTC can be contacted at 400 7th St. SW, Washington, D.C. 20024; telephone (877) 382-4357; or www.consumer.gov/idtheft.

You may obtain information from the FTC and the credit reporting agencies listed above about placing a fraud alert and/or credit freeze on your credit report.

d. My driver's license was compromised; what should I do next?
  • Contact your local DMV.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on your bank and credit card accounts for unfamiliar transactions.
e. My medical ID was compromised; what should I do next?
  • Contact your medical care provider to report activity and verify that there have not been any fraudulent claims opened.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on your medical insurance accounts, as well as your bank and credit card accounts for unfamiliar transactions.
f. My debit, credit or retail card was compromised; what should I do next?
  • Review the account transaction history closely for unfamiliar charges.
  • If you detect unfamiliar charges or other suspicious activity, contact your financial institution to cancel your card and/or report it stolen.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on other bank and credit card accounts for unfamiliar transactions.

g. My passport was compromised; what should I do next?

  • Contact the U.S. Passport office (or your representative Embassy or Consulate, if your passport is from a different country).
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
h. My bank account was compromised; what should I do next?
  • Review the account transaction history closely for unfamiliar charges.
  • If you detect unfamiliar charges or other suspicious activity, contact your financial institution and close your bank card/account.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on other bank and credit card accounts for unfamiliar transactions.
i. My international bank account number (IBAN) was compromised; what should I do next?
  • Review the account transaction history closely for unfamiliar charges.
  • If you detect unfamiliar charges or other suspicious activity, contact your financial institution and close your bank card/account.
  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on other bank and credit card accounts for unfamiliar transactions.

j. My National ID number was compromised; what should I do next?

  • Review your credit reports from all three bureaus (Experian, Equifax and Transunion) for new activity.
  • As a precaution, keep an eye on your bank and credit card accounts for unfamiliar transactions. 
k. I received a breached company name in my Experian Internet Surveillance notification.

This is the potential company or website where the internet compromise originated from. Hackers, when sharing stolen data on the dark web, will sometimes provide the name of the company or website where the information was breached from. In this situation, you may see a reference to UC.

If you don't recognize the breached company as one you have a relationship with, note that it may be a third party organization that interfaces with a company you have done business with. A hypothetical example could be if your information was exposed during the breach of a payment processor that partners with a commercial airline you've bought tickets from.

l. A new inquiry alert was detected; what should I do next?

If you recognize or authorized this activity, no action is required. If not, here is some more information that may help.

If you're still certain that you didn't authorize this activity, there are steps that you can take:

  • Contact the creditor - this may clear up what's happening.
  • Review your credit report for new activity.
  • Dispute the account information on your credit report.
m. A new account or new trade alert was detected; what should I do next?

If you recognize or authorized this activity, no action is required. If not, here is some more information that may help.

If you're still certain that you didn't authorize this activity, there are steps that you can take.

  • Contact the creditor - this may clear up what's happening.
  • Review your credit report for new activity.
  • Dispute the account information on your credit report.
n. I don't recognize the company in my credit alert.

If you are not sure if you initiated the activity on your alert, here's some information that may help:

Did you recently apply for a credit application or open a new account? Here are some companies you may see in your alert that may not be familiar on first glance:

  • JPMCB (aka JP Morgan Chase Bank)
  • CBNA (aka Citibank)
  • CapOne (aka CapitalOne)
  • FNBO (aka First National Bank of Omaha)
  • TBH (aka The Home Depot)
  • Synchrony Bank - Credit and loan provider that typically works with major retailers.
  • Credco - This is a third-party reporting agency. Often, mortgage companies, financial institutions, and dealerships will contact this type of reporting agency to obtain a three-bureau credit score.
  • Ally - Ally Bank is a credit and loan provider that typically works with major retailers in several industries, such as auto financing, equity sponsors and corporate finance.
o. I applied for credit, but have not received an alert

Most lenders report account activity within 30 days, but some can take as long as 90 days. Also, some smaller creditors may only report to one or two of the three nationwide consumer reporting agencies - Equifax, Experian and TransUnion. If your creditor doesn't report to all three, then you will not receive an alert from all three for the same activity.

p. Why did I receive more than one alert for the same loan application?

Here are some common reasons that you will receive multiple alerts for the same loan application:

  • If the loan was approved and the lender opened an account in your name, you will receive an alert for the initial credit report inquiry to process your application and also an alert for the account being opened.
  • If the lender reported your account to all three of the major credit bureaus - Experian, Equifax and TransUnion - you may receive an alert from each bureau. 

To receive credit services, you must be over the age of 18, have established credit in the U.S., have a Social Security number in your name and have a U.S. residential address associated with your credit file.

It is not necessary to notify the University about affected data as a result of the Accelion event. The University is working to identify the community members whose personal information was impacted and their contact information. These investigations take time, and we are working deliberately, while taking care to provide accurate information as quickly as we can. Within the next 45 – 60 days, we expect to have the information we need to send individual notifications to those whose current contact information is available to the University.

Yes. The credit monitoring agencies recommend that you should check your credit report at least once a year, if not more often, as part of your normal financial management practices. Some individuals prefer checking their credit scores monthly or even weekly. You can check your credit score as frequently as you’d like without impacting your score.

You can order your credit reports for free from all three credit bureaus once a year. You can do this online at www.annualcreditreport.com or by phone at 1-877-322-8228.

Yes, non-exempt employees may take up to one hour of paid time to sign up for credit monitoring and identification protection through Experian IdentityWorks.SM Employees must provide advance notice to their supervisor.

When we discovered the issue, we took the Accellion FTA offline and patched the vulnerability. There is no evidence that other University systems were impacted. We are in the process of transitioning to a new file transfer system with enhanced security controls, deploying additional system monitoring broadly throughout our network, conducting a security health check of certain systems and are enhancing security controls, processes and procedures.

Yes. When we discovered the issue, we took the system offline and patched the Accellion vulnerability. There is no evidence that other University systems were impacted. We are in the process of transitioning to a new file transfer system with enhanced security controls, deploying additional system monitoring broadly throughout our network, conducting a security health check of certain systems and are enhancing security controls, processes and procedures.

Yes. The University has reported the matter to U.S. federal law enforcement.

Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be. Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification).

Questions about this incident may be sent to communications@ucop.edu.