January 22, 2016 Incident

UVA Notifies Some Employees of Illegal Access to Personally Identifiable Information


Frequently Asked Questions (FAQs)


What happened?

The Federal Bureau of Investigation recently notified the University of Virginia of a data exposure following an extensive law enforcement investigation. Suspects overseas involved in this incident are in custody.

In collaboration with the FBI, the University confirmed that unauthorized individuals illegally accessed a component of our human resources system, exposing personally identifiable information of a subset of Academic Division employees. The exposure does not include UVA Medical Center information as it is on a separate system.

The incident is the result of a “phishing” email scam by which the perpetrators sent emails asking recipients to click on a link and provide user names and passwords. Once the perpetrators were able to gain access to the HR system, W-2s of approximately 1,400 employees (for years 2013 and 2014) and the direct deposit banking information of 40 employees were accessed. The University employs more than 20,000.

When did the data exposure happen?

An internal investigation determined that the perpetrators gained access to the stolen records beginning in early November 2014. The last suspected intrusion occurred in early February 2015.

What information was accessed?

W-2s for approximately 1,400 employees (for years 2013 and 2014) and the direct deposit banking information of 40 employees were accessed. The University has more than 20,000 employees.

Does the information breach include employee records within the UVA Medical Center?

No. The payroll database that was illegally accessed includes only those affected employees working within the Academic Division of the University. The incident does not include UVA Medical Center information as it is on a separate system.

Where is more information available?

Affected University employees may call toll free 1-855-907-3155 for more information about this incident.

What is the University doing to notify affected employees?

The University began notifying affected employees on January 22 via email and U.S. mail and is offering these individuals one year of free credit monitoring and identity protection services.

Why is the University notifying employees now of the data exposure?

The University has been and continues to collaborate with the FBI. Affected employees were notified as soon as it was practical, consistent with the FBI investigation.

How is this specific data exposure related to the June cyber attack, originating from China, on portions of the University’s IT systems?

The two incidents are unrelated. This incident occurred before the recent sophisticated cyber attack that originated in China on portions of the University’s IT systems and resulted in the University upgrading those affected systems in August. IT leadership, with the support of the Board of Visitors, has undertaken a security enhancement program aimed at fortifying the security of data and information stored on University resources and aiding in the prevention of future cyber attacks.

Is this incident related to previous employee reports last year of a possible data exposure involving personally identifiable information?

The University did receive several employee reports of tax fraud last spring. The incidents were investigated, and the information available to officials at that time did not indicate the fraud occurred as a result of any data exposure. However, this latest investigation by the FBI does suggest that some of the previously reported instances of tax fraud may be a result of the actions of these perpetrators.

Are the employee W-2s on University servers secured?

Employee W-2s are stored on servers with administrative, physical and technical safeguards designed to protect against unauthorized access.

What can I do to help protect my personal information?

Cyber security threats are increasing in number and complexity, and “phishing” emails are a common means that attackers use to access systems. It is critically important that every member of our community be wary of suspicious emails and other communications asking for personal information such as individuals’ user names, passwords and banking information. More information about information security is available online at http://www.virginia.edu/informationsecurity/.

How do I change my password to the Integrated System?

For the best experience with UVa Enterprise Applications and the Integrated System, use one of the supported operating systems & browsers.

See also the specific Oracle-recommended settings for Macs and important additional info & recommendations for cache-clearing and pop-up blockers.

IF YOU KNOW YOUR PASSWORD:

  • Go to the Integrated System logon page.
  • Enter your UVa computing ID and password, and click “Log in.”
  • Click on the “Preferences” link in the top right corner of the screen.
  • In the “Change Password” section of the page, enter your “Old Password,” and then enter your new password in the “New Password” and “Repeat Password” fields.
  • Click on the “Apply” button for your password change to take effect. You will see a confirmation message at the top of the screen.

IF YOU HAVE FORGOTTEN YOUR PASSWORD:

  • Go to the Integrated System logon page.
  • Click “Click HERE to re-set your password.”
  • Enter your UVa computing ID.
  • Click on the “Forgot Password” button, and a message will be sent to your email address within minutes.
  • Click the link in the email to change your password and log in.

Password Reminders:

  • Your new password must be a strong password (see next FAQ).
  • Your new password will take effect immediately in the Integrated System.
  • Your new password will be reflected in Discoverer the following day.

What is a strong password?

  • At least 8 characters long
  • Contains at least one number
  • Contains at least one letter
  • Case-sensitive; however, there is no requirement to include a capital letter or a lower-case letter
  • Contains no repeating characters
  • Does not include user name
  • Passwords should not contain special characters (special characters cause problems with Discoverer logons, especially $ and @)

Will my password expire?

  • Beginning April 24, 2014, passwords expire yearly.

Why did the system just lock me out?

  • The system will lock you out after three unsuccessful efforts to log on. If you forget your password or get locked out of the system, you can use the self-service link on the login page to reset your password. If you are unable to reset your password online, contact the HR Service Center at 434-982-0123. Your new password will not work in Discoverer until the next day.