UH Mānoa Possible Data Exposure
Update as of August 19, 2010:
The forensic computer consultant retained by the UH Mānoa Parking Office concluded an investigation in July on the security breach. While the investigation confirmed that unauthorized access was achieved, it could not be ascertained if the information contained within the database was copied, viewed, or downloaded. The investigations by the FBI and the Honolulu Police Department are ongoing. Affected individuals are encouraged to continue monitoring their financial information and take protective measures as outlined below.
Incident Details
A routine audit conducted on June 15, 2010 discovered that unauthorized access to a computer server used by the University of Hawaiʻi at Mānoa (UHM) Parking Office had been initiated on May 30, 2010. The system was immediately isolated and an investigation launched to determine the scope of the breach and to identify the individuals that may be affected. A forensic computer expert has been retained to further investigate this matter. The Honolulu Police Department and FBI have also been notified and asked to investigate any potential criminal activity related to this incident.
To protect personal information from further unauthorized access, additional security measures have been taken. They include strengthening internal automated network monitoring practices and performing extensive evaluations of our systems to identify other potential security risks. Social Security numbers are no longer used for parking transactions and are being purged from all current and historic Parking Office databases.
The Parking Office database that was breached contained personal information, including names, Social Secuirty numbers, addresses, driver's license numbers, vehicle information, and credit card information of two (2) main groups of individuals:
Note: As of 7/8/10, our ongoing investigation into this incident has more clearly defined the groups that comprise the affected 53,000 persons. This information is added below in blue.
- UHM or UH System faculty and staff members employed in 1998. In addition, faculty and staff employed within the UH system in 1998 and any registered student at UH Mānoa in 1998 are included.
- Anyone who had business with the UHM Parking Office between January 1, 1998 and June 30,
2009. This includes:
- Anyone who purchased UHM parking permits, including staff of the University, East-West Center, UH Foundation, and Research Corporation of the University of Hawaiʻi (RCUH).
- Campus visitors who had a car towed or appealed a parking citation.
At this time, UHM has no evidence that personal information was actually accessed, but we also cannot determine with certainty that it was not accessed. Therefore, UHM has begun notifying the approximately 53,000 individuals listed in the system database, including approximately 40,870 with Social Security numbers and 200 with credit card numbers.
Potentially affected individuals are encouraged to monitor their financial information and to take protective measures against identity theft which include:
- Obtaining and carefully reviewing credit reports. Free credit reports from all three (3) credit agencies may be obtained at http://www.annualcreditreport.com or by calling 877-322-8228.
- Reviewing bank and credit card statements regularly and looking for unusual or suspicious activities.
- Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.
If your identity or accounts have been compromised, the following actions may be taken:
- Requesting refunds
- Closing accounts
- Placing credit records in a state of "fraud alert" or "freeze"
UHM is making every effort to ensure that this incident does not recur. If there are any questions or if additional information is needed, you may call the helpline at (808) 956-7819 on weekdays between the hours of 8:00 am and 4:30 pm Hawaii Standard Time (HST) or e-mail idalert@hawaii.edu.
Updates will be posted on this website as new information becomes available.
Last Updated: August 19, 2010