University of Alaska: thousands affected by data breach, including names, social security numbers

(KTUU)
Published: May 31, 2017 at 12:22 PM AKDT
Correction: According to the University of Alaska, letters were sent out at the end of April, not the end of May.

Approximately 25,000 students, staff, and faculty members associated with the University of Alaska were affected following a successful phishing scam and subsequent data breach late last year.

The University of Alaska sent out letters to those people who had their names and accompanying social security numbers exposed to "an individual or individuals unknown to [the university]" due to an email scam.

Robbie Graham, the Associate Vice President of Public Affairs with the UA system, said that in December of 2016, an employee or employees at the university fell victim to a phishing scam executed through email. Graham said they clicked on material inside an email message in their inbox that initially appeared to be legitimate.

From there, the scammers gained access to "several" secured accounts which reportedly possessed vital student and employee information from an estimated 25,000 individuals.

Graham said that access was terminated and the system was put into lockdown mode immediately following the breach. An investigation was then carried out to learn what had happened and who was vulnerable. However, the university does not know for sure whether anyone's information was accessed.

In a statement, the university said it "found no evidence to be able to determine if the messages containing sensitive information were or were not accessed during the brief time unknown individual(s) had access to the account."

Letters were sent out at the end of April to inform those people whose names and social security numbers were potentially at risk of having been accessed.

"There's a forensic process to determine who was affected, and that can take quite a bit of time to investigate," Graham said. Due to this, though the breach happened in December of last year, those affected weren't notified until roughly five months later.

However, right now, Graham said there is "no evidence to suggest" that anyone's personal information has been utilized via the attack.

Of the 25,000 affected, Graham said the greatest number are those within the University of Alaska Fairbanks system. "A small number were with UAA, and an even smaller number were with University of Alaska Southeast. Some statewide administration personnel were also included," Graham said.

Graham said that the university takes these kinds of attacks very seriously, saying even that one such event per year "seems like too many to us."

She said only the individuals who receive the letter and enroll in the ID Theft loss reimbursement insurance program would be covered against loss including identity theft. The insurance policy covers up to $1 million in losses. The enrollment is critical, because if individuals don't enroll, they won't have coverage. It's also important to note that individuals do not have to prove the theft was a result of this breach to receive reimbursement for loss.

Students, staff, and faculty who received the letter were instructed to call an ID Experts center based in Dublin, Ohio, if they have questions or concerns regarding the event. That number is 1-888-320-7843.