Advertisement

LETTER WARNING OF SECURITY BREACH AT UF WAS NO SCAM

 
Published Nov. 30, 2008|Updated Dec. 1, 2008

Q: I'm enclosing a copy of a letter I received yesterday from Susan Blair at the University of Florida. It did not arrive on embossed letterhead, but on plain, white paper.

The letter informs me of a security breach that compromised patient information from UF's dental program. It urges me to "take action to minimize your risk of identity theft."

I've received scam e-mails in the past and my instinct tells me this is a scam too.

Here's my reasoning:

UF was supposedly notified of this incident on Oct. 3, but it didn't notify me until Nov. 12. Why?

Why are my husband's dental cleanings in UF's files?

There is a disclaimer in the letter that says, "I emphasize that we have no evidence that any personal information has been obtained or misused." Is this intended to protect the criminal from prosecution if the recipient is crazy enough to respond?

The identity theft booklet enclosed with the letter can be picked up anywhere. It says that if you place a fraud alert on your credit report, you'll be required to provide proof of your identity. Hello?

They offered a Web site and a toll-free number to call for more information, but I don't trust either one.

If I'm wrong, I'm wrong, but if I'm right it might be helpful to other readers. It pays to be alert these days.

Kathryn and Warren Bowden

A: You're right to stay alert, but in this case your instincts were off track. The letter from the University of Florida is authentic.

A computer hacker accessed the records of more than 344,000 current and former patients, which included dental information, names, addresses, Social Security numbers and birth dates of patients dating back to 1990, according to the Gainesville Sun. Your husband must have been a patient during that time.

The breach was discovered by university staff when a server was upgraded in October.

When you visit the informational Web site UF provided, you discover that the university launched an investigation of its own, notified the FBI and made a report to the university police. An investigation would have been necessary prior to notifying patients so that it could give them a more thorough report of what happened.

It's important to note that the letter you received never asks for your personal information. It won't be asked at the Web site or on the phone with university representatives.

The letter recommends that you place a fraud alert on your credit file, a common practice when you're at risk of identity theft. The alert gives credit issuers a number to call before issuing new credit in your name because fraud may be associated with the account. Even though officials don't think any information was taken, it's probably a good idea to do this.

UF also suffered a breach in June when the personal information of nearly 12,000 students was available on the Internet. At the time, it was the largest breach the university had ever experienced.