NDUS data breach highlights threat to personal, financial data
When a North Dakota University System server containing the personal information of more than 290,000 people was hacked last week, it was merely the latest incident in a constant battle for online security.
So, is anyone’s information safe anymore?
Director of the Attorney General’s Consumer Protection Division, Parrell Grossman, said while people should take precautions to protect their information, there is no guarantee any of it will work.
“You can never completely control whether you’ll become the victim of identity theft, but you can try to minimize your risk by managing your personal information cautiously,” he said.
Hackers are constantly innovating and finding new ways to access information, so as soon as a firewall is established, hackers figure out a way to get past it in a never-ending technological race with no finish line.
Grossman, said security breaches at large companies are always a possibility and all people can do is try to be cautious.
“Accidents happen,” he said. “Computer hackers are very sophisticated, persistent and capable, so there will always be these kinds of incidents.”
NDUS is offering free identity protection services through AllClear ID to those affected by the hack, though it is not known yet if any of the social security numbers or personal information on the server was actually stolen.
No registration is necessary for the service. AllClear ID will monitor all 290,000 people and take action if there is any suspicious activity noticed.
Interim Chancellor Larry Skogen said the incident is “still under investigation” as of last week, and while it is still unclear who was behind the breach, a nonprofit cybersecurity group working with NDUS said there is no indication personal data had been stolen.
“It did not appear that any of the personally identifiable information stored on the server was exfiltrated,” the center announced in a statement from NDUS.
Still, to be careful, the university system will begin sending out emails to those who could have been affected later this week notifying them of the free monitoring program.
A local problem
Grand Forks Police Department Detective Mike Jennings said the department usually receives about six calls a week pertaining to some sort of technology fraud or attempt at identity theft.
Jennings recommended never giving out personal information because many people don’t find out their identity has been stolen until they apply for some sort of loan and are denied.
Other information, such as personal identification numbers and passwords, should never be kept in one place for a thief to find, and any physical paperwork should be stored under lock and key.
If people suspect their identity has been stolen, they should notify their local police, one of the three government credit reporting agencies, and the state attorney general.
“We would investigate to the best of our ability, find out who opened the account and then they could potentially be criminally prosecuted,” Jennings said.
Alerus Financial Marketing President Chris Wolf said the bank encourages its customers to keep track of their finances to stop identity theft along with making sure their services require multiple forms of identity verification, like security questions and PINs.
“We certainly encourage them to make sure their info is secure, to monitor their accounts and to make sure the activity that’s posting to the accounts is authorized and let their financial institution know if they see anything suspicious,” he said.
But whether any monetary loss is returned or erased is up to each financial institution or credit card company.
“You would hope most would forgive it once you prove you didn’t open that account,” Jennings said.
The easiest way to monitor online identity security it to check credit scores, and Grossman said if people realize their identity has been stolen they should start a credit freeze until the issue is resolved.
“That’s the closest thing to absolute protection,” he said.
North Dakota law also requires the entity responsible for a security breach to notify the people affected by it when they become aware of the incident.
Other resources for monitoring online security are available:
- Annualcreditreport.com is a government-funded site that provides a free credit report once a year through Experian, Equifax and TransUnion.
- Ftc.gov also is a resource for checking the legitimacy of businesses on a national level, as well as a financial document retention schedule so that unneeded forms can be shredded promptly.
- The attorney general’s website, ag.nd.gov, provides a list of businesses specific to North Dakota that have been ordered to cease and desist operations.
- More information on the NDUS server breach can be found atndus.edu/data. A call center to answer any questions about the incident is slated to open in about a week.