Cyberattack against UCLA Summer Sessions & International Education Office

On July 31, 2017 UCLA reported a cyberattack against a Summer Sessions & International Education Office server that contained personal information provided by students. Currently, there is no evidence that the attacker accessed or acquired this information.

We are providing one-year complimentary identity protection services from AllClear ID to eligible individuals. If you received a letter or believe you may be an affected individual, please call AllClear ID at 1-855-801-1252 (within the U.S.) or +1 512-201-2203 (international).

ALLClear ID Call Center Information

Phone
1-855-801-1252 (U.S.)
+1 512-201-2203 (international)

Hours
Monday - Saturday, 6 a.m. – 6 p.m. Pacific Time (excluding U.S. national holidays)
Closed Sunday

Frequently Asked Questions

Cyberattack against UCLA Summer Sessions & International Education Office

On May 18, 2017, we determined that an attacker gained unauthorized access to a Summer Sessions & International Education Office server that contained personal information provided by students, such as their names, addresses, dates of birth, social security numbers, health insurance subscriber IDs, and some medical information self-reported by students to our summer programs (e.g., allergies, medical conditions, medications, etc.). Extensive forensic analysis of the attack does not show that the attacker actually accessed or acquired any personal information on the server. However, we cannot conclusively rule out that possibility.

The server contained personal information provided by students, such as their names, addresses, dates of birth, social security numbers, health insurance subscriber IDs, and some medical information self-reported by students (e.g., allergies, medical conditions, medications, etc.). Not all of this data was present in every record. No medical records were stored on the affected server.

Extensive forensic analysis of the attack does not show that the attacker actually accessed or acquired any personal information on the server. However, because we cannot conclusively rule out that possibility, we are providing this notice to you.

UCLA is providing notification to the potentially affected individuals by U.S. Mail. The notice should arrive in the next few weeks. Information provided by students on or after April 13, 2016 is not affected by this cyberattack.

These services are being provided at no cost to eligible individuals.

  • AllClear Identity Repair: This service is automatically available to you with no enrollment required. If a problem arises, simply call AllClear ID and a dedicated investigator will help recover financial losses, restore your credit and medical records, and make sure your identity is returned to its proper condition.
  • AllClear Credit Monitoring: This service offers additional layers of protection including credit monitoring and a $1 million identity theft insurance policy. For a child under 18 years old, AllClear ID ChildScan identifies acts of credit, criminal, medical or employment fraud against children by searching thousands of public databases for use of your child’s information. To use this service, you will need to provide your personal information to AllClear ID. You may sign up online at  https://enroll.allclearid.com or by calling AllClear ID using your assigned redemption code.

You are encouraged to enroll in the AllClear ID services that are being provided by UCLA to eligible individuals at no cost. You may also take advantage of your right to the free fraud alert services offered by the three major credit bureaus, which will provide you with additional protection for your credit, including copies of each of your credit reports at no cost to you.

Unfortunately, we cannot enroll you in the credit monitoring service without a valid U.S. social security number. However, you are still covered by the identity repair service, and no enrollment is required. If you discover a problem, you can call at any time during the 12 months of coverage to ask questions or open a fraud case.

If you detect any suspicious activity on any of your payment card accounts, report it to your card issuer immediately. You are not responsible for fraudulent charges on your credit card if you report them in a timely manner.

AllClear Identity Repair services are being provided at no cost to eligible individuals.

  • AllClear Identity Repair: This service is automatically available to you with no enrollment required.  If a problem arises, simply call AllClear ID and a dedicated investigator will help recover financial losses, restore your credit and medical records, and make sure your identity is returned to its proper condition.

At this time, there is no indication of any misuse of personal information. However, we are providing AllClear ID services at no cost to eligible individuals, and we encourage you to review your credit report carefully for any suspicious activity.

UCLA will not contact you to ask for sensitive personal information such as your social security number or health insurance information. UCLA will only call you about this incident if you request to be called, and UCLA will not ask you for sensitive personal information. If you receive an email asking you to provide personal information in connection with this event, it is spam and should be immediately deleted. Do not provide any sensitive personal information in email.

We encourage you to visit https://www.it.ucla.edu/security/ss-ieo for updates. If you have additional questions, you may also call 1-855-801-1252 (within the U.S.) or +1 512-201-2203 (for international calls).

We provided notice as soon as practicable after forensic analysis of the attack could not rule out all risk to the personal information on the server.

UCLA has retained the services of AllClear ID to provide notification and related services. If you have additional questions, you may call 1-855-801-1252 (within the U.S.) or +1 512-201-2203 (for international calls).

You can find additional information about protecting your privacy at the California Office of Privacy Protection’s website, https://www.oag.ca.gov/privacy.