The personal payroll information for approximately 11,000 UC Santa Barbara employees may have been exposed, leading to reported cases of identity theft and check fraud.
A criminal investigation has been launched into the data breach, which UCSB first noticed last month, according to university spokesman George Foulsham.
UCSB believes the unauthorized access to archival payroll data — employees’ first and last names, social security numbers and banking information — actually occurred last November, however, Foulsham said.
He did not provide a more specific number for employees actually affected.
In a letter to the university community earlier this month, Business and Financial Services Department Director Jim Corkill said the investigation began after the university noticed an increase in the number of employees with direct deposit reporting check fraud on personal bank accounts.
Fraudulent checks were passed at retail establishments in amounts that were generally in the range of $50 to $100, Corkill wrote, but employees have since confirmed that all charges have been reversed.
“We deeply regret that any of our community members were affected by this unauthorized access,” he wrote in the letter.
“We are fully committed to working with anyone who may have been affected by this incident, and we will help to resolve any possible unexpected financial issues in the future.
“In response to this incident, we have taken measures to prevent this type of unauthorized access. These steps include a review and strengthening of processes for the management and storage of archived personal information. The university is also examining systems to identify personal data that may legally be omitted from future archival records.”
UCSB is also contracting with ID Experts to provide free credit monitoring and identity-theft insurance coverage for up to $20,000.
Employees must enroll within three months to take advantage of the FraudStop services.