On September 17, 2018, Cal State East Bay’s information security team discovered that unauthorized access to certain personal information occurred on various dates between March 27, 2017 and September 2, 2018.
The university immediately commenced an internal investigation and has since learned that an unknown third-party broke into a university web application used to store records pertaining to individuals applying to and/or completing credential programs managed by The College of Education and Allied Studies, and a small number of program applicants during the period of 2009 to 2018. The compromised web application has been removed from the server and vulnerabilities have been mitigated.
While a full investigation is continuing by Cal State East Bay’s information security team, it has been determined that the unknown third-party copied a data file containing full names, addresses, dates of birth and Social Security numbers of 9,949 individuals. No financial, banking or medical information was included in the data file.
To date, the university is not aware of any reports of identity fraud resulting from this incident nor does it have any evidence to suggest that personal information has actually been misused.
The university has provided written notification to the affected individuals through the U.S. Postal Service. The notices explain the steps the university is taking to safeguard individuals against identity fraud and suggest steps that affected individuals should take as well. As part of this effort, Cal State East Bay is offering each affected individual a 12-month membership in a credit monitoring service at the university’s expense. Instructions are enclosed with the notice letter.
The notices to the affected individuals are arriving by U.S. Postal Service. However, if you believe you are affected, but have not received a notice within a week of this publication, please contact our call center at 510-885-4357.
Affected individuals are encouraged to remain vigilant and to protect against possible identity theft by reviewing financial account statements on a regular basis for any unusual activity and monitoring credit reports.