FAQ – Information Security Incident #2005-07-01

 The IT Security Office at California State University Dominguez Hills has compiled this list of frequently asked questions to assist users with inquiries into the 2005-07-01 computer security incident. This document will provide factual information to people affected by the incident.

1. I have reviewed the web site incident details and I still have questions. Who can I contact?

Answer: For additional assistance, call 310-243-2305 and leave a message, or fill out the inquiry form on the CSUDH web site http://www.csudh.edu/securityinfo/secincidentinquiry.htm.

2. I received a notification in the mail about a computer compromised in an office at CSUDH. Does that mean that someone got my personal information?

Answer: We know the attacker(s) used the computers to run Internet Relay Chat (ro)bots designed to mask their real IP number and/or share files. At this time, there is no evidence that suggests any data/information theft occurred. However, since the perpetrator(s) had full remote control, nothing indicates otherwise either.

3. Does that mean that someone could have looked at or changed my class schedule or transcript information?

Answer: The main student records and registration database was not on the computer that was hacked, so the intruders did not have access to transcripts or class schedule information.

4. What can I do to protect myself if the attackers did copy my information?

Answer:  Visit the State of California Department of Consumer Affairs Office of Privacy Protection for helpful information about protecting your identity.

5. How did this attack occur?

Answer: Based on a preliminary analysis the computers were compromised by means of various trojans/backdoors obtained from infected email messages, malicious web sites, and/or spyware. The intruder(s) used these to gain illegal entry and install remote control software he/she could then use to run unauthorized applications such as the BNC (ro)bots.

6. Is my information still at risk from another attacker?

Answer: Computer security is a high priority on our campus. We have taken several preventative measures to increase security and will continue to do so in order to keep pace with any new threats that emerge in the future.

7. Does obtaining a credit report affect my credit rating?

 Answer: According to the Experian web site, personal inquiries do not affect a person’s credit score.

8. Will the University pay the fee for me to receive a credit report if I decide to purchase one?

Answer: Thanks to federal law that went into effect on December 1, 2004, Californians and residents of other western states can get one free credit report a year from each of the three national credit bureaus: Equifax, Experian, and Trans Union.  Call 310-243-2305 for assistance/questions with credit reports and leave a message, or fill out the form at www.csudh.edu/securityinfo/secincidentinquiry.htm.

9. Do I need to obtain a credit report from all three agencies or is querying one sufficient?

Answer: Please visit the web sites for each of the three national credit bureaus: Equifax, Experian, and Trans Union, to obtain an answer to this question, or call 310-243-2305 for information about setting credit file alerts and getting reports from all three bureaus. 

10. If I see something suspicious on my credit report, Social Security report, or credit card or banking statements, who should I contact to investigate the activity?

Answer: The California Attorney General’s Office web site has some helpful hints on what to do if you suspect identity theft. Visit http://caag.state.ca.us/idtheft/tips.htm.

The State of California Department of Consumer Affairs Office of Privacy Protection also has various tips for assisting in this process. Visit their site regarding identity theft at http://www.privacyprotection.ca.gov/cover/identitytheft.htm.