More EMU Students May Have Had IDs Stolen In Data Breach
DETROIT (WWJ) - Eastern Michigan University Thursday offered more information on the possible identity theft committed against students believed to have been committed by two former student employees.
As reported initially on March 9, EMU's Department of Public Safety and federal authorities are investigating whether the former student employees, who no longer attend the university, may have taken sensitive personal information -- name, date of birth, and social security number -- from the records of other students that were housed in the offices where they worked.
The initial investigation indicated that the records of approximately 58 individuals were improperly taken, although the university does not know if the information of those persons was fraudulently used.
Six additional individuals have been identified who may also have had their information taken and used. They included students and parents of students who contacted Eastern after being notified by the IRS that their 2010 tax returns were rejected because their social security numbers were used on another filing.
Eastern has provided the information from the six individuals to authorities and they are now part of the ongoing criminal investigation.
"While the investigation remains ongoing, the university has learned the former students may have been involved in activity that involved using the social security numbers taken from EMU student records for the purpose of filing fraudulent tax returns in order to obtain a tax refund to which they were not entitled," said Walter Kraft, vice president for communications. "If the legitimate tax filer submits his/her return after his/her social security number has been used fraudulently, the tax return will be rejected by the IRS because another filer has already used the social security number."
In the meantime, EMU has offered to assist all individuals who may have been affected by this fraudulent activity, while the criminal investigation continues.
In addition, EMU continues to evaluate its processes to determine what, if any, changes or improvements can be made to help prevent a similar issue from occurring in the future.
As indicated in the initial notification, only students, not faculty or staff, are affected. EMU has already sent individual notifications to students believed to be directly affected by this incident. At this point, if students do not receive a notification, it is because the university does not have evidence that their information was used improperly.
EMU officials said that becuase their investigation remains ongoing, it is possible that not every affected person has been identified to date, and students are advised to contact EMU at (734) 487-1357 if they believe their information has been used improperly.
The university also has advised students that even if there is no reason to believe that their personal information has been accessed, students should take steps to protect themselves and their credit.
Checking credit reports periodically is one way to help spot problems and address them quickly. The Fair Credit Reporting Act guarantees access to credit reports for free once per year. Students can visit www.annualcreditreport.com to obtain a free credit report along with other useful information.
If suspicious activity is suspected on a credit report or there is reason to believe personal information is being misused, individuals should promptly call local law enforcement and file a police report. Individuals are advised to keep a copy of the report for their records. Even if there is not suspicious activity on the initial credit reports, the Federal Trade Commission recommends that people check their credit reports periodically.
Individuals may also consider placing a fraud alert on their credit files. A fraud alert tells creditors to contact the individual personally before they open any new accounts. In order to place a fraud alert, students can contact any of the three major credit bureaus listed below. As soon as one credit bureau confirms a fraud alert, they will notify the others to place fraud alerts.
* TransUnion, PO Box 6790, Fullerton, CA 92834-6790, 1-800-680-7289
* Experian, PO Box 9532, Allen, TX 75013, 1-888-397-3742
* Equifax, PO Box 740241, Atlanta, GA 30374-0241, 1-800-525-6285
Additional information, including questions and answers about the situation, is available at www.emich.edu/securitybreach-march-2011/index.php.