The University recently became aware of possible unauthorized use of personal identity records for a number of students and applicants to the UC Davis School of Veterinary Medicine. The information below and the links to the left were developed to provide information on this security breach.

FREQUENTLY ASKED QUESTIONS:

How do we get access to the credit monitoring service?
We have established a service contract with the credit monitoring agency Experian. Details about the service and how to enroll are included in your personal email messages that were sent July 14, 2007. The website for signing up for this service is http://partner.consumerinfo.com/ucd. Please note that the University cannot sign individuals up for this service, but we are providing information on how you can sign up. The university is paying for the service as detailed in your personal email message. If you have additional questions about what is covered please contact the School of Veterinary Medicine via telephone at (530) 752-8032 or reply to your original email with the details of your question.

What if I didn't recieve an email message about the credit monitoring?
If you have not received an e-mail communication outlining access to the credit monitoring service, please e-mail deansoffice@vetmed.ucdavis.edu to inquire.

Who is affected?
Applicants to the School of Veterinary Medicine for the classes entering in 2004 and 2007 are affected by a recent computer security incident at the School of Veterinary Medicine that resulted in unauthorized access to personal identity information. Of these, 7 are current School of Veterinary Medicine students and 131 are students in the incoming class. If you are not within these notification groups, the following information is not applicable to you.

What should I do as a result of this security breach?
If you are a notification letter recipient and a current student, the university recommends that you access http://computingaccounts.ucdavis.edu to change your password and establish identity verification questions, if you have not already done so.

For all recipients of the notification letter, the university recommends that you place a fraud alert with the three major credit bureaus identified below. You can report the information to all three of the major credit bureaus by calling any one of the toll-free numbers below. You will then be sent instruction on how to get a copy of your report from each of the credit bureaus. As a possible victim of identity theft, you will not be charged for these copies, and it does not count as your one free annual credit report. We also suggest that you periodically run a credit report to ensure accounts have not been activated without your knowledge. A free credit report can be requested from https://www.annualcreditreport.com/cra/index.jsp.

If you determine that a financial account has been established using your identity without your knowledge, you should contact law enforcement, the financial agency and the major credit bureaus to place a fraud alert on your account.

The following references provide additional information about identity theft:

• Office of Privacy Protection (http://www.privacyprotection.ca.gov)
   o Federal Trade Commission website on identify theft    (http://www.ftc.gov/bcp/edu/microsites/idtheft)
• Social Security Administration fraud line at 1-800-269-0271
• Major Credit Bureau Numbers
   o Equifax 1-800-525-6285
   o Experian 1-888-397-3742
   o Trans Union 1-800-680-7289

When did the university learn of the security breach?
Several individuals reported computing account irregularities during the first week of June. Technology staff immediately reviewed the computing account system and determined the problems were traced to the unauthorized use of School of Veterinary Medicine applicant/student identity information. The campus police department was immediately notified and the police department initiated its investigation. The complete scope of the information misuse, however, was not known at this early date and technology staff continued their review to determine if the identity information misuse extended beyond those originally reporting computing account irregularities.

During the School of Veterinary Medicine admission process, applicant data, including identity information, is received from external sources and is electronically transmitted to several university computing systems to support application review, admissions and reporting. This process required the university to inspect broad information flows and many system logs to determine the source of the unauthorized access to identity information. On June 15, 2007 the university determined that its computer-security safeguards had been breached and someone had gained access to personal identity information.

How did the security breach occur?
The computer attacker was able to manipulate a university computing application to accept unauthorized commands. As soon as this vulnerability was identified, it was corrected.

Is this the first time such an incident has occurred at UC Davis?
Since 2003, when a new state reporting law took effect, there have been 16 previous instances where UC Davis has notified individuals that their personal identity information might have been subject to unauthorized access. Four of these 16 incidents occurred as a result of a successful attack on a computing system.

If I did not receive a notification letter, but want to make sure that I am not one of the affected applicants or current students, what should I do?
The university has attempted to contact all individuals whose personal identity information was accessed. If you did not receive an email or letter by July 2, 2007, you may e-mail deansoffice@vetmed.ucdavis.edu or call 530-752-8032. Calls to this number will be monitored from Monday through Friday, 8am to 5pm PDT.

Will anyone call me and offer to help me for a fee or ask for further information?
The university will not call you regarding this incident nor ask that anyone contact you on its behalf. We suggest that you refrain from responding to telephone calls which you did not initiate asking for additional personal information.

Why was my applicant identity information still in your computing systems, since I applied several years ago—when do you remove identity data from university computing systems?
Applicant information from past years is retained because we frequently have applicants who apply over multiple years and because we are frequently asked to address questions related to admissions from previous years. That information is archived and is generally not retained in a "live" database. In this case a portion of the applicant database from 2004 was separated from the primary database and not archived in accordance with the usual practice. All School of Veterinary Medicine applicant identity data has now been removed from the active database.

Will the university pay for a weekly credit monitoring service?
The University will, at its own expense, make available a one-year credit monitoring service for those affected by this incident. This service will alert participants to suspicious credit report activity. An email detailing how to engage this service was sent out Saturday, July 14, 2007 to all those affected.

Will there be any more information to follow?
We do not expect any more information to follow.

What should I do if I find out that my personal information is being used fraudulently? In addition to the steps outlined above, please contact Detective Green of the UC Davis Police Department by phone (530) 752-3277 or by e-mail (mkgreen@ucdavis.edu). On an e-mail you should also copy Lieutenant Carmichael at mecarmichael@ucdavis.edu.