UH Mānoa notifying affected individuals of online security breach

University of Hawaiʻi at Mānoa
Posted: Jul 6, 2010

The University of Hawai‘i at Mānoa today began notifying approximately 53,000 individuals listed in a system database, housed on a computer server used by the Parking Office, that a recent security breach may have exposed personal information—including approximately 40,870 Social Security numbers and 200 credit card numbers.
The breach occurred on May 30, 2010, and was discovered on June 15. The system was immediately isolated, and an investigation was launched to determine scope of the breach and identify individuals who may have been affected.  
Letters were mailed to affected individuals on Saturday, July 3; recipients should begin receiving those letters on the next business day, Tuesday, July 6. In addition, an email notice will be sent to affected individuals at their most recent email address on record.
The FBI and Honolulu Police Department have been notified, and a forensic investigation has been initiated.     
To protect personal information from further unauthorized access, Social Security numbers are no longer used for parking transactions, and are being purged from all current and historic Parking Office databases. Additional security measures that are being taken include strengthening internal automated network monitoring practices, and performing extensive evaluations of systems to identify other potential security risks.
The database contained personal information, including names, Social Security numbers, addresses, driver’s license numbers, vehicle information, and credit card information of two main groups of individuals:
Note: As of 7/8/10, our ongoing investigation into this incident has more clearly defined the groups that comprise the affected 53,000 persons.  This information is added below in bold.
  1. UH Mānoa faculty and staff members employed in 1998. In addition, faculty and staff employed within the UH system in 1998 and any registered student at UH Mānoa in 1998 are included.
  2. Anyone who had business with the UH Mānoa Parking Office between January 1, 1998, and June 30, 2009. This includes:
a.       Anyone who purchased parking permits, including staff of the East-West Center, UH  
           Foundation, and Research Corporation of the University of Hawai‘i (RCUH).
b.       Any campus visitor who had a vehicle towed or appealed a parking citation.
The possibility exists that addresses will not be located for all affected individuals—predominantly visitors to the campus who either appealed parking citations or who had vehicles towed at UH Mānoa between January 1, 1998, and June 30, 2009. 
Affected individuals are encouraged to:
·       Obtain and carefully review credit reports. Order free credits reports from all three credit  agencies by going to the website at http://www.annualcreditreport.com or by calling 877-322-8228.
·       Review bank and credit card statements regularly, and look for unusual or suspicious activities.
·       Contact appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.
Also, inquiries may be made by calling (808) 956-6000 on weekdays between the hours of 8:00 a.m. and 4:30 p.m., or by going to the webpage at http://www.hawaii.edu/idalert/ for answers to frequently asked questions, and other related information.  Updates will be posted as they become available.