The Social Security numbers, ID numbers and names of some 63,000 former and current students and employees at the University of Central Florida have been compromised in a breach of campus records conducted by hackers.
In an official statement from UCF, university officials first became aware of the breach in early January but opted not to publicly address the hack until it had worked with the proper authorities to determine the source and extent of the breach. UCF's IT department insists that there has not yet been any attempt to use the Social Security numbers for the purpose of identity theft, fraud or other financial means. The university also stresses that no credit card information, financial records, medical records or grades were compromised in the hack, however student and employee ID numbers, names and other information were all compromised.
University officials have confirmed that current and former student-athletes who last played for the university in 2014-15, along with student staff managers for university teams and other related positions were affected by the hack. The remaining effected individuals consist of current UCF employees and those who worked at the university as far back as the 1980s. The total number of people whose information was included in the hack is a reported 63,000.
For the student-athletes and student staff members supporting those teams, compromised information included first and last names, Social Security numbers, student ID numbers, sport, whether they were walk-ons or recruited, as well as the number of credit hours taken and in progress. For the group of employees, compromised information included first and last names, Social Security numbers and UCF-issued Employee Identification Numbers.
Undergraduate student employees including those in work-study jobs, graduate assistants, resident assistants, adjunct faculty, student government members and general faculty were among the positions affected by the hack.
Officials with the university's information technology department say that it remains unclear as to who executed the hack, but it is suspected that the attack was the work of multiple individuals over time.
The individuals affected by the hack were initially notified via letter, while a call-in phone center will also be available for individuals to verify if their information has been compromised. The university also launched a website to answer questions at www.ucf.edu/datasecurity.
The university says that those people whose information was compromised will receive one year of free credit monitoring and identity-protection services, though it is recommended that those effected should also consider freezing their credit accounts so as to eliminate the opportunity for hackers to take out credit cards or loans.
UCF says it is taking actions to enhance user account and password security, as well as strengthening data security processes and protocols on the university’s computer network. The university will also expand its information-security education and training in attempt to ensure that a data breach of this magnitude doesn't happen again.