The University of California – Riverside issued the following notice today:
UC Riverside is reporting that campus cash registers at food services locations were compromised by a cyberhacker.
Although the problem was discovered and repaired last week, hackers may have gained access to 5,000 individual card numbers.
The campus community has been notified by email. Vice Chancellor Gretchen Bolar said that because visitors may also have been victimized, she wanted to put the word generally out to the media.
“We are doing everything we can think of to notify people,” she said. “If you used your credit or debit card at any UCR Dining Services location from Summer 2011 through November 16, 2011, you may have been affected by this breach of security,” she said. The hacker had unauthorized access to card numbers, cardholder names, card expiration dates and an encrypted version of debit card pin numbers.
The best course of action is to monitor card activity carefully, and report any suspicious activity. Any fraud should be reported immediately to the financial institution that issued the card, as well as to UCR through a website at http://ucrcreditdebitalert.ucr.edu/. The website does not request credit/debit card information.
The website provides a list of Frequently Asked Questions and includes a way to request direct contact. A number has been set up to take calls between 9 a.m. and 5 p.m. on weekdays at 1-855-827-2277.
UCR Police are investigating the incident.
An FAQ and a copy of their campus notification are also posted on their site. From the dates provided, it would appear that the uni first learned of the point of sale (POS) compromise on November 16 or 17 and started notifying people by November 23.
Although not mentioned in their notice, FAQ, or campus notification, a summary of the incident posted on their site reveals that the university became aware of the breach because several people on campus reported fraudulent charges on their credit or debit card after they used their cards at a UCR Dining Services location. In light of reported fraud, it is not clear why the uni hasn’t offered affected card holders free credit monitoring services.