Personal Information Security Alert

What happened?

As part of our Banner 8 testing, a test data file containing direct deposit payroll information was e-mailed and inadvertently sent to an incorrect e-mail address. Affected employees should assume that the data are in the hands of individuals who may misuse it. Although there is no evidence that fraud has been committed with this information, we strongly encourage you to take preemptive action to protect your bank account(s) and monitor your credit for suspicious activity.

What personal information may have been compromised?

The file contains names, bank account and routing data for direct deposit, and social security numbers.

Who is affected?

Non-student, permanent employees who were paid via direct deposit in May 2010. The College has notified all individuals whose information was contained in the file. Employees who joined the College after the May 2010 payroll and those who do not receive direct deposit were not included in the compromised file.

I am a student -- what does this mean for me?

Student data was not included in the file and has not been compromised.

What should I do to protect myself from identity theft?

• Immediately contact your bank(s) where you have direct deposit to notify them that your account information may have been compromised. They will advise you on how to proceed. The College will reimburse you for expenses incurred associated with opening/closing accounts. You can check WOL to see which accounts you have designated for direct deposit. To do so, go to School Resources -> Employee or Personal Information -> Employee Tab -> Pay Information -> Direct Deposit Breakdown 
  
  If you have changed your direct deposit information since May, you will need to consider whether the accounts used in May are still active and vulnerable.
  
  If you change your bank account number for direct deposit, you will need to file a new payroll direct deposit form with Human Resources by Sept. 17 with your new account information. If you desire regular checks rather than direct deposit, contact the WSC payroll office at 943-7028.
  • WSC Direct Deposit Form
• Place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call or file an online fraud alert with any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts.
  • Equifax: 1-800-525-6285; www.equifax.com
  • Experian: 1-888-397-3742; www.experian.com/fraud
  • TransUnion: 1-800-680-7289; www.transunion.com
• Consider engaging the services of a credit monitoring service. The College will reimburse you for six months of service and will reassess the need to continue to provide reimbursement after that time.
• Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Victim information sometimes is held for use or shared among a group of thieves at different times. Checking your credit reports periodically can help you spot problems and address them quickly.
• To file a complaint or to get free information on ID theft issues, visit www.ftc.gov/idtheft or call toll-free 1-877-IDTHEFT (877-438-4338). The FTC enters identity theft complaints into the Identity Theft Data Clearinghouse, a secure online database available to law enforcement agencies.

Will the College reimburse me for credit monitoring services and expenses associated with opening/closing new bank accounts?

Yes. The College also will reimburse for credit monitoring services for your spouse/partner if you have a joint account. Submit receipts for reimbursement to Des Pennartz in Ute Hall 239 (dpennartz@western.edu or 943-2186)

Do I need to contact PERA, TIAA-CREF, FIDELITY, VALIC and voluntary retirement accounts in addition to my bank(s)?

Your retirement account numbers were not compromised. However, because your social security number was among the compromised information, you should contact those agencies.

What is the College doing to mitigate misuse of the compromised data?

The College has alerted local authorities, the local banks and the major credit reporting agencies. We will be actively involved in any investigation.

What do I do if my information is misused?

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call the Gunnison Police Department and file a police report. Get a copy of the police report; many creditors want the information it contains to absolve you of the fraudulent debts. You also should file a complaint with the FTC at www.ftc.gov/idtheft or at 1-877-ID-THEFT (877-438-4338). Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcers for their investigations.

Also please notify Kim Gailey, director of human resources, that you have filed a police report.

Who do I go to for help or with additional questions?

Contact Kim Gailey, director of human resources, at kgailey@western.edu or 943-3142.

What is the College doing to protect employees’ personal information and ensure that this type of incident does not occur in the future?

Western has initiated an investigation of this incident and is committed to the security of personal information. We are reviewing our policies and procedures regarding the access, storage and transmission of sensitive data. 

What types of follow-up from the College can I expect?

The College will continue to notify you as the investigation is on-going. In addition, we are setting up a comprehensive web page with frequently asked questions and additional information as it becomes available. We have constituted a committee chaired by Brad Baca, vice president for finance and administration, to review our practices and policies regarding securing data. As the committee work progresses, we will continue to update the campus community.