Data Security Incidents Outside The University of Texas at Austin
by Roy Ruiz, Director, Technology Resources (released May 3, 2011)
Recent media reports of data security breaches at Epsilon Marketing, the Texas Comptroller’s Office, and the Sony PlayStation Network have generated many calls to TRecs asking for additional information and guidance.
About the recent security breaches
Because we weren’t directly involved in any of the incidents, we don’t have additional information beyond what is generally available to the public at large. However, we have summarized below brief descriptions of the incidents. If you believe you have been individually impacted, refer to one of the following Web sites for additional information:
Epsilon Marketing - On March 30, 2011, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's e-mail system. Epsilon’s clients include companies such as Chase, Citibank and Best Buy. The information that was obtained was limited to client customer e-mail addresses and/or customer names only.
The Texas Comptroller’s Office – On March 31, 2011, the Texas Comptroller’s Office discovered it had inadvertently posted files containing the personal information of about 3.5 million Texans. Employees with Teachers Retirement System accounts may be impacted. The Texas Comptroller’s Office is offering credit report monitoring at no charge to those affected.
Sony PlayStation Network – On April 20, 2011, Sony turned off its PlayStation Network in response to an April 19 external intrusion into their system. The following PlayStation individual account information was possibly obtained by the intruder: name, address, country, e-mail address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID. If an account holder provided credit card data through PlayStation Network or Qriocity, it is possible that the credit card number (excluding security code) and expiration date were also obtained.
How you can protect your digital identity
While we are unable to provide additional details on these specific events, TRecs can provide general guidance on protecting and monitoring your digital identity.
You are the first line of defense in protecting your digital information. Your internet browsing behavior and the behavior of the people that use your computers at work and at home are the most important aspects of keeping your information safe. If you follow these brief guidelines, you will strengthen the security of your digital data:
- Use strong passwords (long, with both numbers and alphabetic characters)
- Do not click on links from unsolicited e-mail, even if they are from companies with whom you do business. Use the information from trusted sources such as your monthly statements
- Do not send your password to anyone
- Use only well-known company sites
As part of monitoring your identity information, you should:
- Check your credit reports at least 3 times a year
- If you believe your data has been exposed, sign up for a credit monitoring service:
- Sign up for a 90-day fraud alert for free. Keep in mind that if you do not want to be charged, you will need to cancel the service before the 90 days are over.
- Sign up for credit monitoring
- Monitor your credit card balances
Personal digital data on individuals is part of the world we live in today. Be prudent and have a strategy to protect and monitor activity around your individual data, because we have all been digitized in some way or another.
For help with your data security questions, please e-mail firstname.lastname@example.org.