Thousands of URI Email Accounts Compromised

The University of Rhode Island has notified about 3,000 of its e-mail users of a data breach.

A person who is not a student or employee of URI “inappropriately collected generally non-public information relating to some current and former URI students,” said university spokeswoman Linda Acciardo in a news release.

There is also evidence that some URI students’ email and Facebook accounts were accessed, which means the contents of emails, private messages and other personal information may have been viewed.

“Current and former students who were identified as having their URI email and passwords compromised were sent a notice this morning, and a hard copy of the letter is being mailed to their last known or permanent address,” Acciardo said. “The letter includes information about the data security incident, detailed information on how to change passwords and steps the University is taking to respond to the data security incident.”

URI contacted the state attorney general and the campus police and an investigation is ongoing.

So far, the exact date of the breach has not been determined.

The investigation shows that Social Security numbers, credit cards and other pieces of financial information were not part of the incident, though such information could have been nestled in the emails of the compromised accounts.

The University has posted a FAQ web page regarding the security incident at the following link - http://web.uri.edu/publicsafety/data-security-issue/ . The web page will be updated as more information becomes available. Instructions on how to request a new URI email address will also be posted on the data security incident website and will also be sent to the affected URI email accounts.

The school did not say how it discovered the breach, or exactly how it was carried out.

The nature of the breach — an individual who is not a student or or employee of URI ”inappropriately collected” email addresses, passwords and dates of birth, and in some cases, personal (Gmail, Yahoo, Outlook) email address and passwords — suggests someone either infiltrated the university’s computer system or poached information from the network as it was transmitted over WiFi or over the network.

The major concern for affected users isn’t so much the annoyance of changing a password or getting locked out of a Facebook account. It’s the fact that one or more people had the ability to rifle through and read personal emails and messages.

“There is some evidence, in the information we have received, indicating that some URI students (or former students) personal email and/or Facebook accounts were also accessed,” the FAQ states.