Posted On April 19, 2023 Consumer Privacy & Data Breaches
April 19 – After discovering that sensitive data held on the school’s SharePoint platform had been accessed by an unauthorized individual, University of the People (UoPeople) sent a notification of data breach to the Maine Attorney General on March 24, 2023. According to the company’s report, the event led to the disclosure of customers’ names and Social Security numbers to a third party. UoPeople started distributing data breach notification letters to all persons affected by the incident once it was confirmed that customer data was exposed.
It is critical to understand what data is at risk in the event of a data breach notification. Data breach lawyers Console & Associates, P.C. are now investigating the issue at University of the People. As part of our investigation, we are providing free consultations to anyone who believes their personal information may have been compromised by UoPeople and who has questions about the risk of identity theft, how to take preventative measures, or their legal options for pursuing compensation from the company.
Based in Pasadena, California, University of the People is a nonprofit institution of higher education that is completely tuition-free and accredited by the Distance Education Accrediting Commission. UoPeople is an online university that provides a variety of undergraduate, graduate, and professional degree and certification options. UoPeople is the first nonprofit, fully online university. The yearly income of University of the People is close to $23 million, and it employs over 200 people.
According to a report made to the Attorney General of Maine, UoPeople became aware of a potential data security breach affecting the school’s IT network in January 2022. As a result, UoPeople contacted a third-party data security company for help and launched an investigation.
According to the UoPeople review, an unauthorized third party accessed sensitive customer data stored on the university’s SharePoint platform between January 2, 2022 and January 10, 2022. Participants in the UoPeople enrollment process and admitted students utilize SharePoint.
University of the People has begun reviewing the affected files to establish what information was hacked and how many customers were affected after the discovery that sensitive customer data was made accessible to an unauthorized person. Your name and Social Security number can be among the compromised data; however, the specifics vary by individual.
Letters informing those whose personal information was stolen in the recent data security issue were sent out by the University of the People on March 24, 2023.
Companies, organizations, and even governments might all face legal consequences if they’re found to have caused a data breach. Every year, millions of people in the United States are exposed to the risk of identity theft and other crimes due to data breaches. The effects of identity theft may be devastating, yet victims often spend hundreds of hours attempting to put their lives back together. However, in more intricate scenarios, this figure may increase dramatically.
No company wants to experience a data breach, and it’s only logical that no company can take full responsibility for a breach. When hackers target a particular company, it usually results in a data breach. Cybercriminals resort to elaborate hoaxes and assaults to get access to sensitive data. Companies that remain abreast of data privacy issues and implement robust data security measures may prevent many intrusions and quickly identify the few that get through.
A data breach may be caused by a company’s carelessness in a number of ways. If, for example, an employee fails to encrypt files containing sensitive information before storing them or falls victim to a phishing scam, a company like University of the People might be held liable for a data breach.
Of course, these aren’t the only ways a company may have been careless and led to a data leak. Victims of a data breach may have a hard time determining whether they have a claim since it might be difficult for them to learn what triggered the breach. Lawyers who specialize in data breaches are currently investigating the breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the University of the People data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent out to affected individuals:
I am writing to notify you of a recent incident that may have involved some of your personal information.
What happened? In mid-January 2022, the University of the People (“UoPeople”) learned of a data security incident that may have involved the potential compromise of certain files in UoPeople’s IT environment. UoPeople takes seriously our responsibility to safeguard the data entrusted to us. Even before this incident, we worked diligently to constantly evaluate our cybersecurity posture and enhance the security of our network. However, we understand the concern that this issue may raise for our students and employees. Immediately upon learning of the incident, a team of third-party cybersecurity experts was engaged to investigate the cause of the incident and advise on our cybersecurity posture. As a result, we have taken remediation measures, implemented several cybersecurity enhancements, further secured our network, and will continue to evaluate additional measures we can take to harden our defenses. Importantly, the incident did not impact UoPeople’s operations – and our student online learning experience had no disruptions.
What information was involved? During the course of our investigation, we learned that from on or about January 2, 2022 through January 10, 2022, unauthorized third part(ies) may have accessed or potentially exfiltrated certain limited files from our SharePoint platform, which is primarily utilized by applicants and students in connection with enrollment in UoPeople courses. In response, UoPeople has continued to investigate and work with third-party experts to determine the full scope of this event in order to identify any additional individuals who may need to be notified. UoPeople undertook an extensive and painstaking document review process (which involved the programmatic searching and hand-reviewing of individual documents) in order to identify individuals who potentially needed to be notified of this incident. Through these efforts, UoPeople recently determined that the impacted files may have contained some of your personal information, such as your [Redacted]. Importantly, we do not have any evidence at this time that anyone has actually misused your information but are notifying you out of an abundance of caution.
What are we doing and what can you do? While we are not aware of any fraud at this time, we recommend you consider taking precautions, and remain vigilant against incidents of identity theft and fraud. As a precaution, UoPeople encourages you to review your account statements and to monitor your personal information for suspicious activity and to detect errors. Also, for your peace of mind, we are offering you one (1) year of free credit monitoring and identity theft protection through Experian. This product is being offered at no cost to you but you must activate the free product by the activation date in order for it to be effective. The activation instructions are included with this letter. We also have included some additional steps you can take to protect your information, as you deem appropriate.
For more information about this incident, please call (866) 674-3598 between the hours of 9:00 am and 6:30 pm, Eastern Time, Monday – Friday (excluding major U.S. holidays). We are fully committed to protecting your personal information and sincerely apologize for any inconvenience or concern this may have caused.