Attorney General Investigating UConn Bookstore Security Breach

Several thousand customers may be at risk.

Connecticut Attorney General George Jepsen is investigating a recent security data breach affecting University of Connecticut Co-op consumers.

Jepsen wants specific information by Thursday on the number of customers affected, what information was taken or lost, and what the Co-op is going to identify the hacker, according to a news release from Jepsen’s office.

The attorney general and Asst. Attorney General Matthew Fitzsimmons also want to know what the Co-op, and its third-party vendor, are doing to prevent such a breach in the future.

 “The situation calls into question the effectiveness of the Co-op’s measures to protect the confidentiality and security of private information received from its customers,” Jepsen said in a news release on Jan. 13. “It is imperative that breaches of this sort do not reoccur and that affected individuals are provided sufficient protections to safeguard their information from misuse.”

A Co-op vender’s database containing customer’s names, addresses, telephone numbers, e-mail addresses and credit card numbers with expiration dates and security codes of HuskyDirect customers was hacked in December, according to a press release from the university.

The release stated that 18,000 customer accounts were accessed. Tuesday, Susan Kinsman, director of communication for the attorney general's office, said, "we know anecdotally that there have been several complaints about personal data compromised in the breach being misused."

A UConn Co-op news release said bookstore employees became aware of the data breach on Dec. 26, 2010, when they were notified by a third-party vendor that the encryption on their administrative password had been tampered with.

The university’s bookstore sent out e-mails and hard copy letters to customers once they were informed of the unauthorized access to the database.

The site has been taken offline until further notice.

While the database did not contain social security numbers, Co-op officials are encouraging customers to cancel any credit or debit cards that were used to make purchases via phone and through the HuskyDirect site.

Jepsen took it a step further and said that he expects “the Co-op to provide identity theft and credit protections to affected consumers at no charge.” 

“In this era of increasing reliance on technology, it is vitally important that all entities entrusted with nonpublic personal information employ the highest levels of data security,” Jepsen said.

For more information, customers may contact the UConn Co-op by email at HuskyCare@bookstore.uconn.edu or call 860-486-3537.

Derek Beckwith January 20, 2011 at 09:17 PM
Thanks for writing this article -- we posted a link to it on Identity Theft Daily News (www.idtheftdailynews.com) -- our news portal for information on data breaches and compliance in higher ed, health care and corporations. Colleges and universities have an added obligation to stop data breaches -- college students are among the most susceptible to identity theft. Many institutions are examining programs to increase financial literacy and financial security for their students. An example of this is CampusWatch from Identity Force -- more information about this issue can be found at www.identityforce.com/College. Thanks again for keeping people informed!


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »