The University of Alaska announced Friday night that a February 2018 computer hacking also may have compromised some email accounts containing a wide variety of personal information and that the university is continuing to try to reach those whose accounts may have been breached.
The university has set up a toll-free hotline to answer questions about the data intrusion. Anyone with questions can call 1-866-783-5580 Monday through Friday from 5 a.m. to 6 p.m. Alaska Daylight Time.
University investigators determined in March 2018 that email accounts also may have been affected by a February intrusion that was initially thought to be limited to the changing of account passwords in the UAOnline Services system.
“Following the notification to affected UAOnline users, UA continued to investigate the unauthorized access to the UA system to confirm the full nature and scope of the activity,” Friday’s news release reads. “That investigation included a thorough review of other university systems and applications.”
“Through this review, on or around March 28, 2018, the investigation determined that an unauthorized user also may have accessed certain email accounts between January 31, 2018 and February 15, 2018,” the news release states.
The news release does not indicate how many email accounts were involved but states that outside experts were hired "to confirm the nature and scope of the email incident and identify any individuals whose information may have been present in the emails potentially subject to unauthorized access."
University officials over the ensuing months worked to determine if sensitive information existed in the email accounts and then began trying to contact account holders.
The university statement said information in the affected email accounts varies by individual but may have included the person’s “name, government issued identification number, date of birth, digital signature, driver's license number, usernames and/or passwords, financial account numbers, health and/or health insurance information, passport number, and UA student identification number.
“For certain individuals, Social Security number may also have been present in the affected email accounts.”
The university is still trying to reach some of the email account holders.
"UA is mailing individual notices where we were able to locate address information," UA spokeswoman Robbie Graham wrote in a text message response to questions Saturday afternoon. "But the forensic consultants could not find contact information for all of them, and potentially affected parties were found to reside in all states. The press release serves as a substitute notice.
"A call center has been established and individuals who potentially could be affected are being offered resources, free credit monitoring and identity theft restoration services through TransUnion," she wrote.
The email accounts included those of students, former students and others, Graham wrote. Further characterization of whose accounts might have been affected wasn't available Saturday.
“While UA has security measures in place to protect information in its care, it is also taking steps to evaluate additional safeguards and review policies and procedures in order to protect the security of information on its systems,” Friday’s announcement reads.
Contact Editor Rod Boyce at 459-7585. Follow him on Twitter: @FDNMeditor.