Attorney General Investigating UConn Bookstore Security Breach

Connecticut Attorney General George Jepsen is investigating a recent security data breach affecting University of Connecticut Co-op consumers.

Jepsen wants specific information by Thursday on the number of customers affected, what information was taken or lost, and what the Co-op is going to identify the hacker, according to a news release from Jepsen’s office.

The attorney general and Asst. Attorney General Matthew Fitzsimmons also want to know what the Co-op, and its third-party vendor, are doing to prevent such a breach in the future.

 “The situation calls into question the effectiveness of the Co-op’s measures to protect the confidentiality and security of private information received from its customers,” Jepsen said in a news release on Jan. 13. “It is imperative that breaches of this sort do not reoccur and that affected individuals are provided sufficient protections to safeguard their information from misuse.”

A Co-op vender’s database containing customer’s names, addresses, telephone numbers, e-mail addresses and credit card numbers with expiration dates and security codes of HuskyDirect customers was hacked in December, according to a press release from the university.

The release stated that 18,000 customer accounts were accessed. Tuesday, Susan Kinsman, director of communication for the attorney general's office, said, "we know anecdotally that there have been several complaints about personal data compromised in the breach being misused."

A UConn Co-op news release said bookstore employees became aware of the data breach on Dec. 26, 2010, when they were notified by a third-party vendor that the encryption on their administrative password had been tampered with.

The university’s bookstore sent out e-mails and hard copy letters to customers once they were informed of the unauthorized access to the database.

The site has been taken offline until further notice.

While the database did not contain social security numbers, Co-op officials are encouraging customers to cancel any credit or debit cards that were used to make purchases via phone and through the HuskyDirect site.

Jepsen took it a step further and said that he expects “the Co-op to provide identity theft and credit protections to affected consumers at no charge.” 

“In this era of increasing reliance on technology, it is vitally important that all entities entrusted with nonpublic personal information employ the highest levels of data security,” Jepsen said.

For more information, customers may contact the UConn Co-op by email at HuskyCare@bookstore.uconn.edu or call 860-486-3537.