Release Date: May 19, 2018
The University at Buffalo’s chief information security officer is investigating and responding to a breach of external third-party accounts that appears to have compromised the login information for a large number of UB students, faculty, staff and alumni.
Our initial investigation indicates that the affected individuals’ login information was stolen when they visited a non-UB website and entered their university login information. As soon as the issue was discovered, the university took immediate steps to address the problem, secure data and mitigate the risks. Information security is a daily priority at the university and we take protection of personal information very seriously.
We are notifying all affected people to instruct them to change their user name and password. At this point, we do not have evidence that individuals’ financial, academic or private information was viewed or stolen; however we are contacting impacted individuals to make them aware of this issue and to inform them how to take precautions to protect themselves against possible misuse of their information.
This incident provides an opportunity to remind members of the university community that they should protect and secure their information every day and should not be using the same UB username and password for external services or websites.
Update (5/21/18): All the passwords have been reset for the affected accounts.