In an unusual move, the University of Maryland yesterday announced that all those affected by a recent data breach will be offered five years of credit protection services from Experian, not the one year of credit protection services that had previously been announced (h/t DataBreaches.net).
"The coverage was extended because we were listening to our constituents, who expressed rightfully that one year just wasn’t enough," university chief communications officer Crystal Brown told the Diamondback, the school's student newspaper.
The data breach, which occurred on February 18, 2014 and was disclosed within 24 hours, may have exposed 309,079 names, Social Security numbers, birthdates and university ID numbers.
"Effective immediately, I am launching a comprehensive, top-to-bottom investigation of all computing and information systems," university president Wallace D. Loh added in a statement on the university's Web site. "This includes central systems operated by the University and local systems operated by individual administrative and academic units."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
According to Loh, the investigation will involve three key areas -- first, every database will be scanned for sensitive personal information, and will then either be purged of that data or protected more fully; second, penetration tests of the university's systems will be performed on an ongoing basis; and third, the university will review the appropriate balance between centralized (university-operated) and decentralized (unit-operated) databases.