August 2023 Data Incident UM Public Affairs

pOct 23 100 pmppNotice of Data IncidentppUniversity MessageppFAQppPrevious University UpdatesppThis notice is to inform you about an incident that involved unauthorized access to personal information maintained by the University of MichiganppWhat Happened On August 23 2023 the University detected suspicious activity on the University of Michigan campus computer network We took quick and decisive action to contain the incident including proactively disconnecting the campus network from the internet We quickly launched an investigation with the support of leading thirdparty experts Based on our investigation we have determined that an unauthorized third party was able to access certain University systems from August 23 2023 to August 27 2023ppWhat Information Was Involved The University used a dedicated review team to conduct a detailed analysis of the files included on the systems accessed by the unauthorized actor Based on this data analysis we believe that the unauthorized third party was able to access personal information relating to certain students and applicants alumni and donors employees and contractors University Health Service and School of Dentistry patients and research study participants The following provides examples of the types of information in addition to an individuals name that may have been accessed depending on an individuals affiliation with the UniversityppStudents applicants alumni donors employees and contractors Social Security number drivers license or other governmentissued ID number financial account or payment card number andor health informationppResearch study participants and University Health Service and School of Dentistry patients Demographic information eg Social Security number drivers license or governmentissued ID number financial information eg financial account or payment card number or health insurance information University Health Service and School of Dentistry clinical information eg medical record number or diagnosis or treatment or medication history andor information related to participation in certain research studiesppWhat We Are Doing As noted above after suspicious activity was detected on our campus network the University took quick and decisive action to contain the incident including proactively disconnecting the campus network from the internet and we quickly launched an investigation with the support of leading thirdparty experts We also notified law enforcement and continue to coordinate with them In addition we are continuing to work with thirdparty cybersecurity experts to take steps to harden our systems and emerge from this incident as a more secure communityppWhat You Can Do We have mailed letters to all individuals for whom we have an address and whose sensitive personal information was involved in the incident Letters were mailed on October 23 2023 Please allow at least five business days for these letters to arrive Out of an abundance of caution we are offering individuals whose sensitive information may have been involved in this incident complimentary credit monitoring servicesppAdditionally we have established a dedicated call center for questions about this incident If you believe your information was involved in this incident and did not receive a letter please call the tollfree call center number at 18889987088 from 900 am to 900 pm Eastern Time Monday through FridayppAs a general matter individuals should always remain vigilant for incidents of fraud and identity theft including by regularly reviewing their account statements and monitoring credit reports Any suspicious or unusual activity or suspicion of identity theft or fraud should be reported to the appropriate financial institution immediatelyppIn addition individuals may contact the Federal Trade Commission FTC or law enforcement to report incidents of identity theft or to learn about steps to protect themselves from identity theft To learn more individuals can go to the FTCs website at www ftcgovidtheft call the FTC at 877 IDTHEFT 4384338 or write to Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue NW Washington DC 20580ppIndividuals may also periodically obtain credit reports from the nationwide credit reporting agencies Individuals that discover information on their credit reports arising from a fraudulent transaction should request that the credit reporting agency delete that information from their credit report file In addition under federal law individuals are entitled to one free copy of their credit report every 12 months from each of the three nationwide credit reporting agencies Individuals may obtain a free copy of their credit report by going to wwwAnnualCreditReportcom or by calling 877 3228228 Individuals may contact the nationwide credit reporting agencies atppEquifax800 6851111PO Box 740241Atlanta GA 303740241wwwEquifaxcomppExperian888 3973742PO Box 9701Allen TX 75013wwwExperiancomppTransUnion800 6807289Fraud Victim Assistance DepartmentPO Box 2000Chester PA 190222000wwwTransUnioncomppIn addition individuals may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes Individuals can add a fraud alert to their credit report file to help protect their credit information A fraud alert can make it more difficult for someone to get credit in an individuals name because it tells creditors to follow certain procedures to verify that individuals identity Individuals may place a fraud alert in their file by calling any of the nationwide credit reporting agencies listed above As soon as that agency processes a fraud alert it will notify the other two agencies which then must also place fraud alerts in an individuals fileppIndividuals also can contact the nationwide credit reporting agencies at the numbers listed above to place a security freeze to restrict access to their credit report Individuals will need to provide the credit reporting agency with certain information such as their name address date of birth and Social Security number After receiving their request the credit reporting agency will send the individual a confirmation letter containing a unique PIN or password that they will need in order to lift or remove the security freeze in the future This PIN or password should be kept in a safe placeppFor More Information Please know that we regret any inconvenience or concern this incident may cause you Please do not hesitate to contact us at 18889987088 if you have any questions or concernsppTo the University communityppWe are writing today to provide you with an update about the IT incident that affected our three campuses just as the academic year was getting under way in late AugustppSince we learned of the incident we have been working diligently alongside leading thirdparty experts to learn more about what occurred We conducted a thorough investigation which continues and we appreciate your patience as investigations of this nature executed well take timeppWhat Happened and How We Addressed ItppOn August 23 the University of Michigan detected suspicious activity on our campus computer network We want to assure you that as soon as we discovered this incident we immediately treated it with the utmost seriousness Importantly we took quick and decisive action to contain the incident including proactively disconnecting the campus network from the internet We quickly launched an investigation with the support of leading thirdparty experts We also notified law enforcement and continue to coordinate with themppBased on our investigation we have determined that an unauthorized party was able to access certain university systems from August 23 2023 to August 27 2023 The university used a dedicated review team to conduct a detailed analysis of the files included on the systems accessed by the unauthorized actorppWho is Affected and How We Are Supporting Our CommunityppThe investigation was comprehensive and determined that the unauthorized third party was able to access certain information including information relating to certain members of our communityppWe are currently in the process of notifying relevant individuals We understand this news is difficult and we are committed to supporting every member of our communityppWe also are posting additional information on the Key Issues page of our website and setting up a dedicated call center 18889987088 available 9 am to 9 pm ET MF to respond to your questionsppMoving Forward TogetherppPlease know that protecting the information entrusted to the university is a responsibility we take very seriously and we are committed to learning from this incidentppWe continue to work with thirdparty cybersecurity experts to take steps to enhance our systemsppThank you for your patience flexibility and support as we work to address and resolve this incident We are confident we will emerge from this challenge as a more secure community ppSincerelyppDr Ravi PendseVice President for Information TechnologyChief Information OfficerppSol BermannChief Information Security OfficerExecutive Director of Information AssuranceppWhat happenedppOn August 23 2023 the University detected suspicious activity on the University of Michigan campus computer network We took quick and decisive action to contain the incident including proactively disconnecting the campus network from the internet We quickly launched an investigation with the support of leading thirdparty experts Based on our investigation we have determined that an unauthorized third party was able to access certain University systems from August 23 2023 to August 27 2023ppWhat information was involvedppThe University used a dedicated review team to conduct a detailed analysis of the files included on the systems accessed by the unauthorized actor Based on this data analysis we believe that the unauthorized third party was able to access personal information relating to certain students and applicants alumni and donors employees and contractors University Health Service and School of Dentistry patients and research study participants The following provides examples of the types of information in addition to an individuals name that may have been accessed depending on an individuals affiliation with the UniversityppI received a letter from IDX or have been asked to contact them Who is IDX ppThe University of Michigan has engaged IDX a ZeroFox Company to provide assistance to those whose sensitive personal data was involved in the incident or who have questions about whether they were impacted We encourage you to contact IDX with any questions and if your sensitive personal data was involved in the incident to enroll in free identity protection services IDX can be reached at 18889987088 or by using the enrollment site listed in your letter if you received a letterppHow many individuals were notifiedppOn Monday October 23 2023 in compliance with our legal obligations we began the process of notifying approximately 230000 individuals whose sensitive personal data was involved in the incident through postal mail and through notice on our websiteppWhat is the University of Michigan doing in response to this incidentppAfter suspicious activity was detected on our campus network the University took quick and decisive action to contain the incident including proactively disconnecting the campus network from the internet and we quickly launched an investigation with the support of leading thirdparty experts We also notified law enforcement and continue to coordinate with them In addition we are continuing to work with thirdparty cybersecurity experts to take steps to harden our systems and emerge from this incident as a more secure communityppWhat should I do to protect my informationppWe have mailed letters to all individuals for whom we have an address and whose sensitive personal information was involved in the incident Letters were mailed on October 23 2023 Please allow at least five business days for these letters to arrive Out of an abundance of caution we are offering individuals whose sensitive information may have been involved in this incident complimentary credit monitoring servicesppAdditionally we have established a dedicated call center for questions about this incident If you believe your information was involved in this incident and did not receive a letter please call the tollfree call center number at 18889987088 from 900 am to 900 pm Eastern Time Monday through FridayppAs a general matter individuals should always remain vigilant for incidents of fraud and identity theft including by regularly reviewing their account statements and monitoring credit reports Any suspicious or unusual activity or suspicion of identity theft or fraud should be reported to the appropriate financial institution immediatelyppAre you offering credit monitoringppOut of an abundance of caution we are offering individuals whose sensitive information may have been involved in this incident complimentary credit monitoring servicesppWho can I contact if I have additional questionsppWe have established a dedicated call center for questions about this incident If you believe your information was involved in this incident and did not receive a letter please call the tollfree call center number at 18889987088 from 900 am to 900 pm Eastern Time Monday through Friday For general questions only you may email dataletterquestionsumicheduppWhat should I do if I believe I have been a victim of fraud or identity theftppAs a general matter individuals should always remain vigilant for incidents of fraud and identity theft including by regularly reviewing their account statements and monitoring credit reports Any suspicious or unusual activity or suspicion of identity theft or fraud should be reported to the appropriate financial institution immediatelyppIn addition individuals may contact the Federal Trade Commission FTC or law enforcement to report incidents of identity theft or to learn about steps to protect themselves from identity theft To learn more individuals can go to the FTCs website at www ftcgovidtheft call the FTC at 877 IDTHEFT 438 4338 or write to Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue NW Washington DC 20580ppHow can I place a fraud alert or security freeze on my accountppIndividuals may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes Individuals may also periodically obtain credit reports from the nationwide credit reporting agencies Individuals that discover information on their credit reports arising from a fraudulent transaction should request that the credit reporting agency delete that information from their credit report file In addition under federal law individuals are entitled to one free copy of their credit report every 12 months from each of the three nationwide credit reporting agencies Individuals may obtain a free copy of their credit report by going to wwwAnnualCreditReportcom or by calling 877 3228228 Individuals may contact the nationwide credit reporting agencies atppEquifax800 6851111PO Box 740241Atlanta GA 303740241wwwEquifaxcomppExperian888 3973742PO Box 9701Allen TX 75013wwwExperiancomppTransUnion800 6807289Fraud Victim Assistance DepartmentPO Box 2000Chester PA 190222000wwwTransUnioncomppA fraud alert can make it more difficult for someone to get credit in an individuals name because it tells creditors to follow certain procedures to verify that individuals identity Individuals may place a fraud alert in their file by calling any of the nationwide credit reporting agencies listed above As soon as that agency processes a fraud alert it will notify the other two agencies which then must also place fraud alerts in an individuals fileppppAug 30 1030 amppDear UM communityppThank you for your patience during our recent service disruption I am happy to inform you that internet connectivity and WiFi has been restored on all UM campuses You should be able to connect as normal from any deviceppWe expect some issues with select UM systems and services in the short term and not all of our remediation efforts are complete However they will be resolved over the next several daysppWe will be posting announcements about any service interruptions on the ITS status page Please contact our Service Center for technical assistance if neededppThe investigative work into the security issue continues and we are not able to share any information that might compromise the investigation We appreciate your understanding as we continue to move through the investigative processppIn true Wolverine fashion faculty staff and students rose to the occasion and met the challenge to ensure continuity of our missionppWe extend a special thank you to the Information and Technology Services team who all worked tirelessly to address this challenge We all appreciate all you have done and continue to do to maintain the safety of our enterprise systemsppSincerelyppSanta J OnoPresidentppRavi Pendse PhDVice President for Information Technology and Chief Information OfficerUniversity of MichiganppAug 30 935 amppWhile the teams at ITS work to restore internet access on campus and additional online services here are some reminders for UM employeesppWhile a universitywide internet outage continues to affect operations at the Ann Arbor Dearborn and Flint campuses Information and Technology Services is working continuously toward restoring service Faculty staff and students can now authenticate into their UM accounts Access to cloudbased services has been restored Functioning systems are accessible from offcampus or cellular networks Updates will be shared at umichedu and umichtech on TwitterppUpdated Aug 30 940amppWhile the teams at ITS work to restore internet access on campus and additional online services here are some reminders for UM employeesppAnnual merit processing Most data was already loaded to the system before the disruption to our computer systems Merit pay changes do not take effect until Sept 1 for the Sept 30 pay date for monthly paid employees The university will monitor the situation based on the duration of the system outageppBenefits Eligible faculty staff and students who were unable to complete elections by their 30day enrollment deadline due to the system outages will be provided with additional time Affected individuals will be notified by email with instructions for completing their benefit electionsppFacilities and Operations Maintenance requests are being prioritized and delays may be required for some requestsppParking For those working on campus Logistics Transportation and Parking has lifted parking gates to ensure access for employees with proper permitsppPayroll August monthly pay ran as normal and will be paid on Aug 31 There should be no disruption for direct deposits or for those receiving hard copy paychecks August timekeeping data was used for this months payroll as entered and approved prior to the outageppProcurement Services Several systems are currently inaccessible including MMarketsite and MPathways eProcurementppPurchasing Excluding medical devices current ordering processes remain in effect with UM business units or universitycontracted suppliers that accept short codes For emergency purchases with suppliers that do not accept short codes please use a PCard Please note that 5000 is the standard credit limit on PCards unless an increase was previously requested ppFor information on your current credit limit and how much is remaining please contact JP Morgan Chase Customer Service at 8003166056 You can request a temporary PCard credit limit increase to accommodate your purchases or contact Procurement Services at procurementsupervisorsumichedu for additional assistance making emergent purchases For Michigan Medicine medical device orders please follow department downtime procedures and work closely with supply staff at each locationppRemote work Employees should consult with their direct supervisors about additional flexibility with remote work until the internet outage in resolvedppShared Services Center Phone lines to the Shared Services Center came back online Aug 29 and service requests are being received System availability remains limited so responses may be delayedppTravel and expense activity The Concur system is now accessible at Concursolutionscom Enter your full umich email address click Next and then click Sign in with SSO PCard approvals can be extended for one week Please note that expense payments are not yet being processedppIf you have internet access you can book travel through Lightning via the Travel Booking tile on Wolverine Access Please contact CTP at 8778043688 international 4022524404 or by email at umichiganctptravelservicescom for additional booking supportppAug 29 255 pmppTo the university communityppThank you for your continued patience during our ongoing online service disruption Our team of IT and cybersecurity experts has made significant progress over the past 24 hours All students faculty and staff can now authenticate into their UM accounts and access umichedu when using offcampus or cellular networks Offcampuscellular network access has also been restored to cloudbased services like Google products Canvas Adobe Creative Suite Zoom Wolverine Access Dropbox Slack Duo and moreppWe also continue to focus on restoring wiFi and internet access Further announcements will be made on umichedu and at umichtechppAug 29 1145 amppTo the university communityppThe loss of internet access and other business functions across the University of Michigan community cast an unfortunate cloud over an otherwise sunny and glorious start to the academic yearppDespite this setback our campuses were alive Monday with a wide array of activities as students greeted each other faculty members took their places in classrooms and researchers returned to their labs across our threecampus communityppI want to thank each and every one of you students faculty staff parents and visitors for your diligence and your patience as we work to resolve this situation and restore access to online services and ultimately full internet access to our campus communitiesppFaculty have adjusted their plans for their classrooms to account for the loss of internet access on our campusesppStaff have seamlessly shifted to working remotely or come to campus to welcome and assist students as they make their way from one side of campus to anotherppOur Information Technology Services teams working together with leading cybersecurity service providers are working tirelessly to resolve this disruption and I want to personally thank them for their dedication to this critical effort Already they have restored an impressive array of online tools that are accessible and functional through offcampus internet connectionsppThe investigative work into the security issue continues As noted in Mondays message to the community our UM Division of Public Safety and Security and federal law enforcement partners are involved in this investigationppWhile we will continue to share as much information as possible as this work progresses we are not able to share any information that might compromise the investigation I appreciate your understanding as we move through the investigative processppThank you again for your patience and contributionsppSanta J OnoPresidentppAug 28 150 pmppTo the university communityppWe recognize that cutting off online services to our campus community on the eve of a new academic year is stressful and a major inconvenience We sincerely apologize for the disruption this has causedppOur Information Assurance team in partnership with leading cybersecurity service providers detects deflects and mitigates a steady stream of malicious actors every hour of every dayppSunday afternoon after careful evaluation of a significant security concern we made the intentional decision to sever our ties to the internet We took this action to provide our information technology teams the space required to address the issue in the safest possible mannerppThe team is working around the clock and already has restored access to some systems Updates will be available on umichedu and on umichtech on TwitterppThat said it may be several days before all online services return to their normal levels Here are some important things to knowppThe UM Division of Public Safety and Security and federal law enforcement partners have been informed and are involvedppAgain thank you for your patience Please know the ITS teams are working tirelessly to resolve this matter as quickly as possibleppRavi PendseVice President for Information TechnologyChief Information OfficerppSol BermannChief Information Security OfficerExecutive Director of Information Assurance ppAndy PalmsExecutive Director InfrastructureInformation and Technology ServicesppppAug 28 9 amppWe apologize for the ongoing disruption On Sunday the difficult decision was made to separate the UM network from the internet to help mitigate technical issues It was not made lightly particularly given the timing with the first day of classesClasses are meeting Please check roumicheducalendarsscheduleofclasses to view public course schedules locationsWe will continue to restore systems and provide updates throughout Monday We are hopeful we will have several systems back online by Monday afternoon Updates will be available on umichedu and on umichtech on Twitter We apologize for the inconvenienceppAug 28 830 amppWhile systems currently remain offline roumicheducalendarsscheduleofclasses is now live to allow Ann Arbor students to check public course schedules locations Classes are meeting today Our next update will be made at 900 am ET Updates will be available on umichedu and on umichtech on Twitter We again apologize for the inconvenienceppAug 27 1159 pmppUPDATE Thank you for your patience Teams remain working to restore access to online services While systems currently remain offline httpsroumicheducalendarsscheduleofclasses is now live to allow Ann Arbor students to check public course schedules locations Our next update will be made at 900 am ET Updates will be available on httpsumichedu and on umichtech on Twitter We again apologize for the inconvenienceppAug 27 951 pmppUPDATE We are making progress but we are still working to resolve ongoing issues with UM online services We understand that this has a large impact for the community and we regret the timing The next update will be posted by midnight ETppAug 27 632 pmppUPDATE Due to a technology issue UM online services remain inaccessible at the moment including Google Canvas Wolverine Access and email We are working toward restoration later this evening The next update will be posted by 900 pm ETppAug 27 153 pmppDue to a technology issue internet connectivity will be intermittent or unavailable on the UM Ann Arbor Flint and Dearborn campuses starting around 145 pm on Sunday August 27 Service will be restored as quickly as possible We greatly apologize for the inconveniencep