The University began notifying those affected today so they can take appropriate steps to prevent improper access to their email (and social network or other) accounts and to protect their personal information.
The University has reported the matter to the Rhode Island Attorney General’s Office and the URI Campus Police have initiated an investigation.
Based on the information obtained early in the investigation, it appears that an individual who is not a student or employee of URI inappropriately collected generally non-public information relating to some current and former URI students.
Specifically, this person collected the names, URI email addresses, URI email passwords, and dates of birth of approximately 3,000 current or former students, and in several cases also collected one or more of the students’ personal (non-URI) email addresses (e.g. Gmail, Yahoo, or Hotmail), and sometimes the passwords associated with those personal email addresses.
The University said there is some evidence, indicating that some URI students (or former students) personal email and/or Facebook accounts were also accessed.
Current and former students who were identified as having their URI email and passwords compromised were sent a notice this morning, and a hard copy of the letter is being mailed to their last known or permanent address. The letter includes information about the data security incident, detailed information on how to change passwords and steps the University is taking to respond to the data security incident.
The University is asking those affected to change all of their email and social media passwords as soon as possible and report any anomalies to local law enforcement. For those who did not receive an email notice today, the University does not have any indication that their emails or passwords have been compromised.
Even if you are not a current URI student, the University is recommending that you change your URI email and E-Campus password for your protection. This is standard practice when a data security incident has occurred.
URI officials believe the security incident did not include Social Security numbers, credit card information or any other financial related information.
The University has posted a FAQ web page regarding the security incident at the following link – http://web.uri.edu/publicsafety/data-security-issue/ . The web page will be updated as more information becomes available. Instructions on how to request a new URI email address will also be posted on the data security incident website and will also be sent to the affected URI email accounts.
The University is unable to confirm an exact date for the data security incident at this time. Law enforcement authorities are involved in the investigation and as more information comes to light, the University will share that information with affected parties and on the data security incident website.
The University is committed to putting measures in place to protect and maintain private information.