Students and alumni petition for greater security from UC following data breach

Students and alumni express frustrations after being forced to turn to social media posts and personal networks to protect themselves following a nationwide cyberattack.

On March 29, the University of California received notice that the personal information of employees, alumni, retirees and current and prospective students were compromised following a cyberattack on the Accellion file transfer appliance. Personal information targeted in the cyberattack included individuals’ names, bank account numbers and Social Security numbers. The University has since decommissioned Accellion, according to the UCNet website.

The University sent an email to current faculty, staff, students and retirees April 2, informing recipients of the data breach and steps they could take to protect their personal information. The email included an enrollment code providing recipients with free credit monitoring and identity theft protection through Experian for a year.

[Related link: Nationwide cyberattack targets personal information of some in UC community]

UC applicants and alumni were not included in the email notification, said Stett Holbrook, a UC Office of the President spokesperson, in an emailed statement. The University is currently working to identify and notify individuals who were impacted by the breach within the next 45 to 60 days, according to the UCNet website.

Martin Diaz said he was initially unconcerned when he first learned about the UC data breach. However, after learning the cyberattack had affected his coworkers, Diaz said he signed up for Experian IdentityWorks. Diaz, a fourth-year sociology student, said he was shocked to find that his Social Security, email and phone number had been released on the dark web.

Nyla Buie, an incoming first-year human biology and society student, said she was not aware of the data breach until her peers began to discuss the incident in a UCLA class of 2025 GroupMe. She added she was not able to determine if her information was stolen because she never received an email from UCOP providing access to Experian.

Zahra Hajee, a UCLA alumna, said she also had to rely on her social networks to learn about the cyberattacks.

Hajee, who graduated in 2019, said she first learned about the cyberattacks through an Instagram post and became more concerned after seeing students’ Twitter posts about Social Security numbers being released on the dark web.

Hajee added she also did not receive an email from UCOP and had to rely on current students to inform her on the situation and how to access Experian.

“I was really grateful that a lot of the information that was curated was really put together and led by students to be able to protect other students and alumni,” Hajee said. “Time and time again, … when the administration isn’t stepping up in a way that they should be, I really see students and student leaders coming together to really fill in those gaps.”

Students also expressed frustration with the lack of urgency and clarity from the UC on the data breach.

Katie Chan, a recent graduate, said she did not think much of the cyberattack because she did not find the email from UCOP very demanding. However, after signing up for Experian, Chan learned that her Social Security number was on the dark web.

Chan said the UC should be held accountable for the cyberattack, especially considering students’ tuition costs. Chan added she wished the UC had provided students with text notifications on the cyberattack to convey a greater sense of urgency.

The UC should have provided greater transparency following the cyberattacks by holding town halls to reassure and guide students on how to protect their information, Diaz said. He added the process of understanding how to freeze his credit and use Experian by himself was confusing and time-consuming.

“UCLA and the UC system are like, we’re a community and all that, but if you’re an actual community, you’re going to be there to support (students) through the whole process,” Diaz said. “There’s students dealing with financial issues, or they’re just being overwhelmed with the pandemic and academics and adding this on top of it can lead to a breaking point.”

Hajee said the cyberattacks could create an additional layer of stress for recently graduated students who are navigating the post-pandemic job market.

“This is a time where a lot of folks are starting their full-time careers and trying to navigate that and with the added stressors of something like negative impacts on their credit … I think that’s a terrible way to start,” Hajee said.

Students have called on the UC to provide greater support and services to impacted individuals.

Hannah Stitt began a petition asking the UC to provide students with credit and identity monitoring for life after learning her Social Security number was on the dark web.

“What I was thinking is just how shortsighted it was to only offer the credit monitoring for one year when it’s not like the risk that we have now is going to suddenly go away after one year,” said Stitt, a fourth-year education and social transformation and history transfer student at UC Santa Cruz. “So that’s what motivated me to ask for extended monitoring because, in my opinion, that’s the bare minimum.”

The petition has received more than 6,000 signatures from UC alumni and students at the time of publication.

Stitt said the UCSC Student Union Assembly has since reached out to her to create a resolution with similar requests to her petition. Stitt said the resolution is still in progress, but she hopes the UCSC chancellor will see it and pass it on to the UC president.

It is not a matter of if, but when the next data breach happens, Hajee said. In the future, the UC should make information more accessible to students and alumni, she added.

“With a UC system this large, just statistically speaking, the odds are higher for these sorts of data breaches to happen,” Hajee said. “I hope the UC administration looks deep and hard to how they’re going to navigate this to make sure they have some long-term solutions that are going to be protecting students most effectively.”