CIO'S MESSAGE - March 24, 2021

Security Alert: State Controller’s Office Data Breach

Dear Faculty and Staff,

We have learned of a data exposure at the California State Controller’s Office (SCO) - Division of Unclaimed Property.

What happened?

An employee of the SCO had their credentials compromised when they clicked on a phishing email and entered their username and password.  This action provided a threat actor access to that account for a little less than 24 hours before it was discovered and remediation occurred.

What information was involved?

The SCO believes that the compromised account had personally identifiable information contained in Unclaimed Property Reports. 

What this means to you as a CSU employee:

None of your CSU information associated as an employee was involved in the data exposure.   However, if you as an individual have records associated with Unclaimed Property with the State Controller’s Office, your data could have been exposed.

What we recommend:

  • You may access more information about this Unclaimed Property data breach.
  • You can check to see if you have Unclaimed Property records.
  • If you are affected by the breach, place a fraud alert on your credit accounts with the three credit bureaus, if you have not already done so.
    • Equifax
      • (800) 685-1111
      • Equifax Consumer Services Center
      • P.O. Box 740256
      • Atlanta, GA  30374-0256
    • Experian
      • (888) EXPERIAN [(888) 397-3742]
      • Experian Help
      • P.O. Box 4500
      • Allen, TX 75013
    • TransUnion
      • (888) 909-8872
      • TransUnion Help
      • P.O. Box 2000
      • Chester, PA 19016
  • Lastly, the State Controller’s Office has received information that some scams and possible fraud have occurred.  I strongly recommend to continue monitoring and be on the lookout for suspicious emails, phone calls, and correspondence that might be associated with this incident.

 

Cuc Du,
Information Security Officer