Notice of data breach from University System of Georgia:
This website notice is intended to provide the same information included in the notification letters to individuals for whom the University System of Georgia (USG) has insufficient or out-of-date contact information. USG was involved in an incident that may affect the security of certain individuals’ personal information. We want to provide affected individuals information about the incident, steps we are taking in response, and steps to guard against identity theft and fraud, should they feel it is appropriate to do so.
What Happened? USG purchased MOVEit® Secure File Transfer software from Progress® Software to transfer and store sensitive data. As has now been widely reported, the MOVEit® software included a vulnerability that allowed cybercriminals unauthorized access to the files stored on the MOVEit® platform at numerous government, higher education, and corporate customer sites worldwide beginning on or about May 28, 2023. This included USG. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have determined that data was acquired from the MOVEit® platform by a cybercriminal group named CL0P. The files and information obtained by this cybercriminal group will likely be published on its website.
What Information Was Involved? Data related to affected individuals may include:
- Full or partial (last 4 digits) Social Security Number
- Date of Birth
- Bank account number(s)
- Federal income tax documents with Tax ID number
What We Are Doing. USG takes protecting personal information seriously and is taking steps to prevent a similar occurrence in the future. MOVEit® Transfer software operating at USG was immediately blocked upon detection of the breach on May 31, 2023, and has now been fully updated and secured in accordance with guidance from Progress® Software and CISA. After updating and securing the system, USG immediately began a lengthy investigation to determine which individuals may have been impacted by the incident.
What Affected Individuals Can Do. Review information from the Federal Trade Commission’s website, https://IdentityTheft.gov/databreach, for steps to help protect from identity theft. In addition, we recommend individuals affected by the USG incident take advantage of free credit monitoring and related services offered via Experian using the instructions below.
Other Important Information:
To help protect an individual’s identity, USG is offering complimentary access to Experian IdentityWorksSM for 12 months.
If an affected individual believes there was fraudulent use of their information as a result of this incident and would like to discuss how it may be possible to resolve those issues, please contact an Experian agent. If, after discussing the situation with an agent, it is determined that identity restoration support is needed then an Experian Identity Restoration agent is available to investigate and resolve each incident of fraud that occurred from the date of the incident (including, as appropriate, helping with contacting credit grantors to dispute charges and close accounts; assisting with placing a freeze on their credit file with the three major credit bureaus; and assisting with contacting government agencies to help restore their identity to its proper condition).
Please note that Identity Restoration is available to an affected individual for 12 months from the date of this notice and does not require any action on their part at this time. The Terms and Conditions for this offer are located at www.ExperianIDWorks.com/restoration.
While identity restoration assistance is immediately available to an affected individual, we also encourage them to activate the fraud detection tools available through Experian IdentityWorks as a complimentary 12-month membership. This product provides superior identity detection and resolution of identity theft. To start monitoring personal information, please follow the steps below:
- Enroll by July 31, 2024 (The code will not work after this date.)
- Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/credit
- Provide the activation code: NKMGW87BY
If an affected individual has questions about the product, need assistance with Identity Restoration that arose as a result of this incident, or would like an alternative to enrolling in Experian IdentityWorks online, contact Experian’s customer care team toll-free at 1-833-918-1243 by July 31, 2024. Be prepared to provide engagement number B116633 as proof of eligibility for the Identity Restoration services by Experian.
ADDITIONAL DETAILS REGARDING THE 12-MONTH EXPERIAN IDENTITYWORKS MEMBERSHIP
A credit card is not required for enrollment in Experian IdentityWorks. An affected individual can contact Experian immediately regarding any fraud issues, and have access to the following features after enrolling in Experian IdentityWorks:
- Experian credit report at signup: See what information is associated with one’s credit file. Daily credit reports are available for online members only.*
- Credit Monitoring: Actively monitors Experian file for indicators of fraud.
- Identity Restoration: Identity Restoration specialists are immediately available to help you address credit and non-credit related fraud.
- Experian IdentityWorks ExtendCARETM: Individuals receive the same high-level of Identity Restoration support even after the Experian IdentityWorks membership has expired.
- $1 Million Identity Theft Insurance**: Provides coverage for certain costs and unauthorized electronic fund transfers.
For More Information. USG regrets any inconvenience or concern caused by this incident. Individuals with further questions or concerns or would like an alternative to enrolling online, please call 1-833-918-1243 toll-free Monday through Friday from 8 a.m. – to 8 p.m. Central Time (excluding major U.S. holidays). Be prepared to provide the engagement number: B116633.
USG encourages everyone to remain vigilant and review personal account statements and monitor free credit reports. Anyone may also contact the major consumer reporting agencies to request a security freeze free of charge as provided by federal law. To obtain a credit freeze, callers will generally need to provide their Social Security Number, date of birth, and address. The contact information for the major consumer reporting agencies is:
- Equifax: PO Box 740241, Atlanta, GA 30347 1-800-525-6285 (equifax.com)
- Experian: PO Box 9554, Allen, TX 75013, 1-888-397-3742 (experian.com)
- TransUnion: PO Box 2000, Chester, PA 19016, 1-800-680-7289 (transunion.com)
For additional information regarding steps to take to avoid identity theft including fraud alerts and security freezes, you may also contact the Federal Trade Commission at 600 Pennsylvania Ave., NW, Washington, DC 20580, (202) 326-2222 or 1-877-FTC-HELP and see identitytheft.gov and https://www.identitytheft.gov/#/Know-Your-Rights. All United States citizens have additional rights pursuant to the U.S. Fair Credit Reporting Act. Residents of the District of Columbia may also contact the Office of the Attorney General for the District of Columbia. Iowa residents should report suspected identity theft to local law enforcement or the Iowa Attorney General. Maryland residents may also contact the Maryland Attorney General for additional information at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; 1-410-576-6300 or 1-888-743-0023; or at www.marylandattorneygeneral.gov. A Massachusetts resident has the right to obtain a police report. New York residents may obtain additional information from the New York State Attorney General’s website: ag.ny.gov/resources/credit-lending/identity-theft. North Carolina residents may obtain additional information from the North Carolina Attorney General’s office at 9001 Mail Service Center, Raleigh, NC, 27699-9001, 919-716-6400, ncdoj.gov. Rhode Island residents may obtain a police report and may also obtain additional information from the Rhode Island Attorney General at www.riag.ri.gov (401) 274-4400. Individuals should report suspected identity theft to law enforcement, including to your state’s attorney general and to the Federal Trade Commission.
*Offline members will be eligible to call for additional reports quarterly after enrolling.
**The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.
stevep
April 17, 2024 at 5:49 pm
So this breach was detected in May of 2023 and is not a new breach (spring 2024)?