Cal Poly Pomona is notifying students that some of their personal data may have been compromised by a security breach on the network of a third-party vendor. The breach has affected seven CSU campuses.
The vendor, We End Violence, provided the “Agent of Change” sexual assault prevention class, which was mandated by state law for all students enrolled during spring quarter 2015.
No social security numbers, driver’s licenses or credit card information were compromised. The data involved is: Student name, Bronco ID, email address, the Agent of Change user ID (set by the student), and the Agent of Change password (set by the student). In addition, there was an optional survey that asked questions about students’ characteristics. This information may have been compromised as well.
The university is recommending students take the following steps to protect their accounts:
- Change their password immediately by visiting the Identity Management Services page.
- Change the password any other personal accounts where they may have used the same login information.
- Be aware of phishing attempts and follow the suggestions on the IT Service Desk’s Phishing page.
- Never provide a user ID or password in email.
- Never reply to emails asking for personal or financial information.
- Expect to receive additional information from the third-party vendor, We End Violence, which provided the Agent of Change training.
“Our students entrust us with their information, and it’s our job to ensure it stays secure,” says Vice President of Information Technology John McGuthry. “It is regrettable that this incident occurred, and we are working with the CSU Chancellor’s office and the vendor to minimize impacts to those who were affected.”
Affected students may receive an email from the vendor, We End Violence, with additional information about securing their accounts and precautions they should take.