A UMBC Community Message from President Freeman Hrabowski and Provost Philip Rous

As many of you know, this week we received news of a sophisticated cyber-attack targeting the University of Maryland, College Park and the Universities at Shady Grove.

Our thoughts are with the faculty, staff, students and affiliated personnel impacted by the breach, particularly the estimated 1,200 from UMBC at the Universities at Shady Grove and any of our faculty, staff and students who may have studied or worked at College Park during the time period affected.

Specifically, our colleagues at UMCP have shared that the database breached contained 309,079 records, including all faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who were issued a university ID anytime between 1998 and the present. If you did not receive an ID card from UMCP during that time period, you are likely not impacted.

We want to thank our colleagues at College Park who are working hard to investigate and address this issue with transparency and care for the needs of community members who have been impacted. If you think you might be one of those affected, we encourage you to visit this UMCP website for more detailed information and to learn how you can register for a free year of credit protection. UMCP is working with a company named Experian to reach out and officially contact everyone impacted by this breach. That work is underway, but will take some time to complete.

Cyber-attacks are, unfortunately, an increasingly common and dangerous threat facing our nation and the world. The interdisciplinary UMBC Center for Cybersecurity unifies many of our own capabilities in cybersecurity research, innovation, teaching and outreach, aimed at increasing our nation’s capacity to protect against cyber threats. While we are proud of UMBC’s strengths in cybersecurity, we also realize that cyber threats are a constant concern in today’s data-driven world, and we must all work vigilantly to protect university records.

For this reason, Jack Suess, vice president of information technology, will be working with IT staff and faculty cybersecurity experts to review our practices. We hope to share a report with campus senates in late spring outlining any steps that might help us improve security and even better protect privacy. If you would like to contribute feedback to this process, please email Jack Suess.

UMBC, like all institutions, is required by state and federal regulations to maintain certain data in our student and human resources records, including social security numbers. For the past decade, UMBC has only stored social security numbers when required to by regulation. We require additional security measures for those departments with access to social security numbers. Examples of these measures include elimination of administrative privileges on workstations, a dedicated department firewall, and regular training on safe computing. For additional information on UMBC’s data security and risk guidelines, please visit the UMBC Policies website.