The University of Rhode Island is investigating an information breach of about 3,000 university email accounts and passwords. An individual – who is not a student or employee of URI – allegedly collected non-public information of some current and former students, officials said in a news release last week.
Specifically, this individual allegedly collected student names, URI email addresses, passwords and students’ dates of birth, URI officials said. Spokeswoman Linda Acciardo said the affected students are mostly female, and they enrolled in the university between 2006 and 2014. The list contains mostly undergraduate and some graduate students; more than 1,200 students are former students and more than 1,100 are enrolled in classes this fall. Officials do not believe any new or transfer students have been affected.
Officials do not believe social security numbers, credit or other bank and financial information were involved in the incident. The university’s internal data network has not been breached, Acciardo said.
It is unknown exactly when the information was obtained, Acciardo said.
“We were notified by an organization that it looked like our emails have been compromised,” she said. “That organization is part of a larger investigation.”
URI Campus Police are collaborating with that organization’s law enforcement personnel; Acciardo declined to name that organization citing the ongoing investigation. The Rhode Island Attorney General’s office is not conducting the investigation, but the university has notified the state office.
In several cases, the individual allegedly also collected one or more of the students’ personal non-URI email addresses, social media accounts and sometimes the passwords associated with those accounts.
University officials are asking those affected to change all of their email and social media passwords and report any anomalies to local law enforcement. Affected students have been notified of the breach and notification was also mailed to their last known or permanent address.
The University has posted a FAQ web page regarding the security incident at web.uri.edu/public safety/data-security-issue.