Skip to Main Navigation
Skip to Main Content
 

January 19, 2006 | 5:00 p.m.

Read the updated UT Dallas press release.

December 13, 2006 | 4:10 p.m.

Read the updated UT Dallas press release.

December 13, 2006 | 3:45 p.m.

Read Dr. Daniel's e-mail update to the campus.

December 12, 2006 | 1 p.m.

Read the UT Dallas press release and a Statement from President Daniel.

December 12, 2006 | 12 Noon

Read Dr. Daniel's first e-mail to the campus.

Lea esta página en Español.

What happened?

University staff discovered a potential system weakness which may have inadvertently resulted in exposure of some individuals’ personal information. At this time it is known to potentially affect approximately 35,000 faculty, staff, students and others. The individuals whose information is known to be involved at this time include:

  • In the Erik Jonsson School of Engineering and Computer Science, students and faculty as well as applicants for admission dating back as far as 1993.
  • All staff and faculty of the University who were employed from January 1999 through August 2005.
  • 29,000 UT Dallas library patrons

Investigation is ongoing and any further potential exposure will be reported to the university community and those affected.  Information will be added to this Web site and will be announced on the university homepage.

Was any information misused?

There is no indication that any individual’s information has been misused at this time but we cannot rule out the possibility of some future misuse.

What information could have been exposed?

It is possible that information including names, addresses, phone numbers, Social Security numbers and email addresses could have been exposed.

How would this have occurred?

Some of this information must be collected by the University to comply with federal and state requirements and to perform essential functions consistent with its mission. Other information may have been collected and saved a number of years ago, before the current system of creating a unique university identification number in place of Social Security numbers for some purposes was created in January 2005. This data was stored long ago as a back up on a computer hard drive that now has been identified as having been put at risk. 

The University of Texas at Dallas has adopted a policy concerning the protection of SSNs.  The University also complies with the requirements for the protection of SSNs outlined in The University of Texas System Business Procedures Memorandum 66.

As awareness grows, business processes are being changed; improvements are being made every day. However, constant vigilance and a healthy sense of caution are necessary to keep the systems we develop safe. This recent attack has underscored the importance of our work and gives even greater focus to our continuing effort to create better and safer systems. We continue to identify and remove potential vulnerabilities wherever possible.

Was my information exposed if I used a web application?

No, web applications were not compromised.

What did the university do when the problem was discovered?

University staff developed a method for locating computers that could be at risk.  These computers were shut down as they were identified.  They were scanned to determine if any data could have been exposed.  Those systems that were determined to be at risk will be reformatted. Their operating systems will be reinstalled.  Every effort will be made to work with anyone facing critical deadlines on research and other work.

How can I determine if my information was exposed?

Please give us contact information so that we can notify you if your information was at risk of exposure.  We will answer each query received as soon as possible. Call 972-883-3886 for more information.

If I was one of the people affected by this incident, does this mean that I’m a victim of identity theft?

No. The fact that someone may have viewed this information does not mean you are a victim of identity theft or that any information was accessed for the purpose of committing fraud. We do not know if your information was even viewed. However, we believe it is important that you know about the incident so that you can take any steps you feel appropriate to protect yourself.

What do I do now?

The next time you log on to the university network, if the HealthCheck of your PC shows no risk, please change your NetID password immediately. Every member of the campus community is asked to take this step. Your workstation or laptop will be scanned each time you go on the university network.  You will either receive a message confirming your PC’s clear status, or instructions on what to do next.

If I might have been affected, what do you recommend I do now?

Please visit the http://www.utdallas.edu/datacompromise/resources.html page for information.

What are you doing to prevent this in the future?

Data security experts and other information technology specialists are working toward implementing a solution to prevent a recurrence of this event.   We are committed to enforcing existing standards and developing new standards as needed to safeguard the integrity of our systems and protect the data with which we have been entrusted.

The University of Texas at Dallas understands the importance of maintaining the privacy of sensitive data. We take this matter very seriously, and continue to work diligently to ensure that our policies and technical security measures promote the integrity and confidentiality of such records.

What do I do if I have other questions?

If you have other questions, please e-mail datacompromise@utdallas.edu.

The University of Texas at Dallas gratefully acknowledges the assistance of The University of Texas at Austin in compiling this information.

Updated: July 29, 2008