If you've conducted business with the University of Hawaii-Manoa parking office from 1998 to June 2009 -- this one is for you.
UH officials say a major security breach could impact an estimated 53,000 people.
They say the security breach happened on May 30th but wasn't discovered until June 15th during a routine audit of the computer system.
"A computer hacker introduced a virus into a UH Manoa computer server containing parking office information and this enabled access to data on about 53,000 people," said university spokesman Gregg Takayama.
Of those affected, 41,000 involve social security numbers and 200 involve credit card numbers.
"As part of our investigation we do know that a computer site in China was involved but that doesn't necessarily mean that the hacker originated in China," said Takayama.
Those affected include all UH Manoa faculty and staff members in 1998 and anyone who had business with the UH Manoa parking office between January 1, 1998 and June 30, 2009.
"And that included anyone who received a parking permit or who've had their vehicles towed or who've appealed their parking citations," said Takayama.
"Oh that's great," said faculty member Marsha Cordes who coincidentally received a parking ticket Tuesday morning. "When I'm moving out of my office I'm getting a ticket."
Cordes wasn't pleased about news of the security breach.
"Yeah that is scary."
"We are unaware of anyone who has been hurt financially or suffered the lost of their identity," said Takayama.
A telephone hotline and web-page have been set up to assist those who are being alerted by letters and emails.
UH is also taking steps to strengthen its computer security, including purging all social security numbers from existing systems.
The FBI and HPD are investigating along with a service forensics expert.
In the meantime, UH officials are urging individuals to obtain and carefully review credit reports.
"And just be careful I guess but how can you be careful if that's where you have to pay," said Cordes.
If you have concerns or questions about the security breach contact the UH telephone hotline at #956-6000 or email, www.hawaii.edu/idalert/.
You can also obtain a credit report at https://www.annualcreditreport.com/cra/index.jsp
10 Frequently Asked Questions on unauthorized access to computer server at UH Manoa campus
1. What happened?
A routine audit conducted on June 15, 2010, discovered unauthorized access to a computer server used by the UH Mnoa Parking Office had occurred on May 30, 2010.
2. Am I affected?
Approximately 53,000 records were stored in the database. Of this total, approximately 41,000 Social Security numbers and 200 credit card numbers were exposed. The database contained data on two main groups of individuals:
3. UH Mnoa faculty and staff member employed in 1998.
4. Anyone who had business with the UH Mnoa Parking Office between January 1, 1998, and June 30, 2009. This includes:
c. Anyone who purchased parking permits, including staff of the East-West Center, UH Foundation and Research Corporation of the University of Hawai'i (RCUH).
d. Any campus visitor who had a vehicle towed or appealed a parking citation.
3. What information was in the compromised database?
The database contained personal information, including names, Social Security numbers, addresses, driver's license numbers, vehicle information, and credit card information. Information on other individuals included their UH identification numbers, which are not sensitive.
4. Has the data been misused?
At this time, UH Mnoa has no evidence that personal information was actually accessed, but we also cannot determine with certainty that it was not accessed.
5. Is there an investigation into this incident?
A forensic computer expert has been retained to further investigate this matter. The Honolulu Police Department and FBI have been notified, and have been asked to investigate any potential criminal activity related to this incident.
6. What is the campus doing to prevent future security breaches?
Social Security numbers are no longer used for parking transactions, and are being purged from all current and historical Parking Office databases. Additional security measures being taken include strengthening internal automated network monitoring practices, and performing extensive evaluations of systems to identify other potential security risks.
7. How will affected individuals be notified?
Letters to affected individuals were mailed on Saturday, July 3, 2010, and should be received starting on the next business day, Tuesday, July 6. In addition, an email notice will be sent to affected individuals at their most recent email address on record.
8. What should affected individuals know and do?
Carefully monitor your financial information and take protective measures against identity theft, which include:
· Obtaining and carefully reviewing credit reports. Free credit reports from all three credit agencies may be obtained by calling 877-322-8228.
· Reviewing bank and credit card statements regularly, and looking for unusual or suspicious activities.
· Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.
If your identity or account has been compromised, you may take actions such as requesting refunds, closing accounts, and placing your credit records in a state of "fraud alert" or "freeze." Please know that we are making every effort to ensure that this incident does not recur.
9. If I did not receive a notification letter, does that mean my information was not in the compromised database?
Not necessarily. The campus has been collecting addresses of affected individuals, but not all addresses could be located-predominantly visitors to the campus who either appealed parking citations or who had vehicles towed at UH Mnoa between January 1, 1998, and June 30, 2009.
10. How can I get more information?
On weekdays between the hours of 8:00 a.m. to 4:30 p.m., call (808) 956-6000.
