Password Incident FAQs
Question: I received a notification via e-mail/letter from the University of Central Oklahoma about a password security incident. Does that mean someone stole my personal information?
Answer: No. The University of Central Oklahoma's investigation into this incident revealed that an unauthorized person may have changed the password to some UCOnnect accounts. Although we have no evidence that an unauthorized user has actually retrieved and is manipulating personal information, we are bringing this incident to the attention of the university community so that you can be on alert to signs of any possible misuse of your personal identity.
Question: What personal information was involved?
Answer: The University is concerned that with access to UCOnnect, an unauthorized user could view alternate e-mail addresses, financial aid records, grades, and other information. In addition, your UCO e-mail account may be accessed.
Question: Is this information still at risk of disclosure to an unauthorized person?
Answer: Although there is no evidence that an unauthorized person is using your personal information, we strongly recommend that you do the following:
- Change your UCOnnect password.
- Change your password on your alternate email account.
- Frequently check your UCO and alternate e-mail account for password resets or other activity notices from any accounts that use the e-mail for verification purposes.
- Check to ensure that your email is not forwarded to an external account – other than one that you set up and use regularly. Instructions on how to check this in your UCO Gmail account.
- For any accounts that allow the ability to send a reset code to your text messaging, you may wish to enable that feature.
- Review your online profiles; make sure you do not share information that puts you at risk for social engineering and data mining.
- A common feature used to ensure someone’s identity is a security question. This question should involve information only known by the user. If a user unintentionally posts the response to this question, an attacker could answer the security question. For example, if a user completes the security question “What was the name of your first pet?”, then writes a post talking about his first pet and includes its name, an attacker would have the information needed to defeat the security question.
Question: What should I do if I discover fraudulent use of my personal information?
- You may place a fraud alert with credit bureaus and/or periodically run a credit report to ensure accounts have not been activated without your knowledge.
- If you determine that your bank account or credit/debit card has been fraudulently used, you should contact law enforcement and your financial provider.
- For more information, review our recommended steps to take.
Question: Will the University of Central Oklahoma contact me to ask for private information because of this event?
Answer: No. In similar cases at other institutions, people have reportedly been contacted by individuals claiming to represent the University and who then proceed to ask for personal information, including passwords, social security numbers and/or credit card information. Please be aware that the University of Central Oklahoma will only contact you about this incident if additional helpful information becomes available. We will not ask for your full Social Security number. We will not ask for credit card or bank information. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.
Question: Who should I contact if I have questions?
Answer: If you have questions about your specific account, please visit the IT Service Desk located on the first floor of Max Chambers Library. Please bring your UCO ID with you.