University of Central Florida president John Hitt announced Thursday that the school has been, well, hacked. Discovered at the beginning of January, the breach exposed the social security numbers and other identifying personal information of 63,000 students, former students, and faculty/staff.
The announcement, spotted by Gizmodo, notes that credit card numbers, financial records, medical records, and grades were not affected. UCF is a big community—the school enrolled 60,810 students in 2014—but it seems that the breach centered on certain groups (perhaps based on which information was easiest for the hackers to access). UCF's investigation showed that current and former student athletes, students who work for the university, and certain categories of staff are at high risk.
UCF is sending letters to everyone whose information was compromised and will offer a year of free credit and identity monitoring to them. The university is offering a website and hotline that community members can use to get information.
Hitt wrote, "Safeguarding your personal information is of the utmost importance at UCF. To ensure our vigilance, I have called for a thorough review of our online systems, policies and training to determine what improvements we can make in light of this recent incident."
The university has taken solid steps to address the hack and disclosed it fairly quickly. But it wouldn't be a public hack disclosure without a few out-of-touch comments. In answering the question, "What should I do to help protect myself from identity theft?" the University’s Q&A says, "Out of an abundance of caution, we recommend that you carefully check credit reports for accounts or inquiries you do not recognize." But it's not really an "abundance of caution" when your school has been hacked, right?