In February, I was alerted to a data breach at the University of Maryland, where I went to college. Someone hacked in and got access to a whole lot of my personal information. You can read all the details about it on the UMD data security site, but here’s the important information, from the website:
A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised — no financial, academic, health, or contact (phone, address) information.
Name, social security number, date of birth, and University ID number. That’s a lot of important information that someone now has (who knows what they’ll do with it). I think the saddest part of this whole thing is that someone now has access to my UID and I don’t think I can remember that 9 digit number myself (even though I can’t imagine it would be very useful to anyone at this point).
What Can You Do To Protect Yourself?
I received a letter in the mail detailing the data breach and the next steps. It came with some tips, like these:
- Don’t give out your personal information over the phone, through the mail, or over the Internet, unless you initiated the contact and know you can trust the person on the other side.
- Don’t carry sensitive information in your purse or wallet; Social Security Card, Bank account PIN, Insurance cards, leave them at home in a secure place.
I find it kind of funny that the one institution that has lost my personal information is giving me these tips. I was following all of these tips tips already, all it makes me think is that maybe I should not have trusted the University with my information.
Protecting Myself In The Future
I can’t steal the data back from the hackers, but I can prevent the data from being abused. The University has offered five years of free credit monitoring through Experian’s ProtectMyID product. Lauren and I signed up separately (we met at Maryland) and will now be alerted if new credit is applied for in my name or if my address is changed. The ProtectMyID membership provides access to a fraud resolution specialist who assists with the situation until it is resolved. And if I am the victim of identity theft, they cover up to $1 million with identity theft insurance.
It’s a pretty decent plan to have, and I’m glad the University provided it to me for free. Of course, I would have preferred if they didn’t let anyone access my information in the first place, but I guess that is asking for too much.
How Can You Protect Your Personal Information
I did everything right. I don’t give out my social security number unless it’s necessary, I don’t fall for phishing scams, and I don’t keep all my information in the same place (and I am very protective of my email account, using 2-step authentication to make sure nobody else can gain access to it).
The reality is that in 2014, you can’t do much to protect yourself because those looking for consumer information rarely go directly to you. They are much more likely to get loads of information from businesses that have access to tens of thousands, or even millions of users’ personal information. We saw this with Target back in October, and I’m sure we’ll see it again in the future. Be careful out there, it’s a dangerous world!