To our campus community,
Earlier this month, Equifax, one of the nation’s top credit reporting agencies announced a massive data breach. Equifax is one of four major credit rating services, called credit bureaus (the other three are Experian, TransUnion and Innovis). Credit bureaus collect (and sell) consumer financial data and credit ratings. On Sept. 7, Equifax announced they were hacked between mid-May through July 2017 and discovered the incident on July 29. Over 143 million records may be compromised, roughly one out of every two U.S. adults. This includes personal information such as names, Social Security Numbers, addresses and, in some instances, driver's license and credit card numbers.
While this does not directly affect the University itself, the magnitude of this latest attack illustrates the growing severity of cyber security threats and the need for each of us to be vigilant about safeguarding our online identity and data. With that goal in mind, we are passing on the following resources to raise awareness about the most common cyber security threats and the measures we can all take to help protect against them:
The Equifax Data Breach: What to Do
The Federal Trade Commission (FTC) published an article, The Equifax Data Breach: What to Do, which includes detailed information on the impact of the attack and actions you can take to protect yourself. Here is a summary:
- Monitor/freeze financial accounts. Watch your bank and credit card accounts carefully for charges you don’t recognize. Many of them have a service where they notify you (via text or email) if a bank withdraw or credit card charge is over a certain limit, or can send you daily reports of your activity. We highly recommend you enable at least one of these. Here is the contact information for each of the four credit bureaus where you can submit a credit freeze:
- Equifax: 1-800-685-1111 / 1-800-349-9960
- Experian: 1-888-397-3742
- TransUnion: 1-888-909-8872
- Innovis: 1-800-540-2505
- Beware of social engineering attacks.As with any sizable breach, criminals have already started fraud operations to take advantage of people who may have been impacted. Be warned, in the coming days/weeks, cyber attackers will take advantage of this incident and launch millions of phishing emails, phone calls, or text messages trying to fool people.
- Don’t share your info.Don’t give out personal information on the phone, through the mail/email, or over the Internet unless you’ve initiated the contact or know who you’re dealing with. Equifax and other companies will not call you so anyone claiming to be calling on their behalf are fraudulent, do not respond to them. You can always call the company at their listed customer service line to avoid fraud.
- Be careful when opening emails, clicking links, or visiting websites. Scrutinize emails from unknown sources that may be phishing attempts and report suspicious messages to consult@berkeley.eduIf you see a URL in an email you should look at it carefully to ensure it is legitimate and not a misspelling.
We are providing this information as a service to the UC Berkeley community. If you have any further questions, please follow-up with Equifax directly.
Regards,
Larry Conrad, Associate Vice Chancellor for IT and Chief Information OfficerMatt Wolf, Chief Information Security Officer
If you are a manager who supervises UC Berkeley employees without email access, please circulate this information to all.