Frequently Asked Questions on April 2012 Inadvertent Security Release Incident

What Happened?
What Personal Information Was Contained in the File?
How Did This Happen? What is Columbia Doing to Safeguard Against a Recurrence?
How is Columbia Notifying Potentially Affected Individuals?
Which of My Bank Account Numbers Was Affected?
I Would Like to Close my Bank Account and Open a New One. What Should I Do?
Which Address Was Contained in the File?
What Should I Do Now To Protect Myself? What is Columbia Doing to Protect Me?
What Does the Experian Service Being Offered by Columbia Provide to Me?
How Do I Sign Up for the Experian Service?
What Should I Do If I Have Trouble Enrolling in the Experian Service?
What If I Have Additional Questions for Columbia?

What Happened?

A Columbia University Information Technology programmer inadvertently and erroneously saved a file on a University web server that could be accessed from outside Columbia. Unfortunately, that file contained personal information of some individuals who received direct deposit reimbursement from Columbia.

Columbia learned of the incident for the first time on April 16, 2012, and immediately disabled access to the file.  It also verified that the information contained in the file is not currently available on the Internet.

What Personal Information Was Contained in the File?

The file contained names, addresses, social security numbers, and bank account numbers. The bank account numbers were those used in 2010 for direct deposit reimbursement of expenses (or, in some cases, for payment for services) from Columbia. The file did not contain the name or routing number for the bank or financial institution associated with the bank account number, just the account number itself.

How Did This Happen? What is Columbia Doing to Safeguard Against a Recurrence?

Columbia is investigating, and this incident appears to have been an isolated, unintentional incident. We do not have evidence of wrongdoing or identity theft. Access to the file has been disabled.

Information security is a serious issue for the University. Columbia continues to strengthen its measures to protect sensitive information, including the implementation of additional tools to search for sensitive information inadvertently placed in locations that are not secure. Columbia is also strengthening its policies and procedures on where sensitive information should be stored on its systems.

How is Columbia Notifying Potentially Affected Individuals?

Individuals potentially affected by this incident are receiving a letter via postal mail.

Which of My Bank Account Numbers Was Affected?

If you requested that expense reimbursement or payment for services be direct deposited, the account number you had used for direct deposit in 2010 is the one that was affected. The file did not contain the name or the routing number for the bank or financial institution where that account number came from, just the account number itself.

Also, for current and former employees, this concerns the bank account you used for expense reimbursement or service payments only; if you used a different bank account for expense reimbursements or service payments in 2010 than you did for payroll, this is your 2010 bank account for expense reimbursements or service payments, not your payroll bank account.

I Would Like to Close my Bank Account and Open a New One. What Should I Do?

Because procedures vary from one bank to another, we recommend contacting your financial institution’s customer service team and following their protocol.

Many banks have policies to waive certain fees if fraud is suspected. We encourage you to ask your financial institution to waive any such fees. If, however, your financial institution will not waive such fees, the University will reimburse you for any real costs you may incur in the process of changing bank accounts because of this incident. To obtain reimbursement, please:

  • Fill out the University’s expense reimbursement form at:
    http://finance.columbia.edu/content/travel-business-report-form-workbook-locked
    • Include your receipts or other proof of expenses
    • Include the mailing address where you prefer to receive your reimbursement check
  • Submit the expense form and your receipts or other proof of expense to:
    • Attn: Lou Bellardine
      Vice President, Human Resources
      615 West 131st Street, Mail Code 8704
      Studebaker, 4th Floor
      New York, NY 10027
      Secure Fax: (212) 851-7025

If you encounter difficulties in dealing with your bank, please call the hotline we have established for this incident, (877) 634-9071, and we will assist you with your bank.

Important: If you are deciding whether to close your bank account, and it is the same account you are using for payroll and/or expense reimbursements, we recommend that you update your payroll and reimbursement direct deposit information:

You may want to discuss with your bank the possibility of placing your account on a restricted status in order to ensure that no checks are paid out of the account but direct deposits are still credited into the account. You may also want also to contact Columbia’s help line for this incident at (877) 634-9071 to enable us to ensure smooth payroll and reimbursement processing.

If you have already closed your account and have questions about your payroll, please call Columbia’s help line for this incident at (877) 634-9071.

In talking with your bank about whether, how, and when to close your account, you might want to direct the following questions to your bank’s fraud department:

  • What options do I have regarding my account?
  • Should I close my account? If so, are there any fees associated with opening a new account, and will you waive them?
  • What is restricted/blocked/no check status and how does it work?
  • Can my account be placed on restricted/blocked/no check status until all my deposits are credited?
  • Is there a way I can ensure that specific checks or electronic banking transactions are processed, but not others, until the account is finally closed?  
  • What other measures do you suggest I take to protect my bank account?

Which Address Was Contained in the File?

The file contained the address you provided to the University as of January 2010 in order to receive direct deposits of expense reimbursements or payments for services.

What Should I Do Now To Protect Myself? What is Columbia Doing to Protect Me?

Columbia is offering affected individuals a two-year subscription to a credit monitoring service from Experian, at no cost. If you are interested in participating in the Experian service, you must enroll by September 15, 2012, using the personal redemption code that was included in the letter you received from Columbia about this incident.

If you do not wish to participate in the Experian protection plan, or even if you do, you may also wish to take other precautions outlined in the letter you received from the University. For example, you may wish to activate a fraud alert with the three major credit reporting agencies:

What Does the Experian Service Being Offered by Columbia Provide to Me?

Experian’s service is called ProtectMyIDTM. If you choose to participate, once your ProtectMyIDTM membership is activated, Experian will monitor your credit report daily and will send you credit alerts on any key changes in your credit report, which could include new inquiries, new credit accounts, delinquencies, or medical collections found on your Experian, Equifax, and Trans Union credit reports. The ProtectMyIDTM service also includes consulting services to answer questions you may have as well as insurance that affords protection if you are a victim of identity theft.

For further details about ProtectMyIDTM, please contact Experian’s customer care team at Experian’s dedicated Columbia hotline with enhanced customer service, (888) 451-6553.  The dedicated hotline operates 9:00 a.m. - 9:00 p.m. EST Monday to Friday, and 11:00 a.m. - 8:00 p.m. EST on the weekend.

How Do I Sign Up for the Experian Service?

You can sign up for the credit protection plan using the personal redemption code you received in the mail, either on Experian’s website, www.protectmyid.com/redeem, or over the phone at Experian’s dedicated Columbia hotline, (888) 451-6553.  The dedicated hotline operates 9:00 a.m. - 9:00 p.m. EST Monday to Friday, and 11:00 a.m. - 8:00 p.m. EST on the weekend.

What Should I Do If I Have Trouble Enrolling in the Experian Service?

If you experience any trouble enrolling in the ProtectMyIDTMAlert service, please contact either our help desk at (877) 634-9071, or Experian's dedicated Columbia hotline with enhanced customer service at (888) 451-6553, for assistance.  The Columbia help desk is open from 9:00 a.m. - 5:00 p.m. EST Monday to Friday; Experian's dedicated hotline operates 9:00 a.m. - 9:00 p.m. EST Monday to Friday, and 11:00 a.m. - 8:00 p.m. EST on the weekend.

What If I Have Additional Questions for Columbia?

Please call us toll-free at (877) 634-9071, 9:00 a.m. - 5:00 p.m. EST, Monday through Friday. Local or international callers may use (212) 851-2888 to contact our help desk.