ETSU Homepage

2018年10月17日，ETSU ITS发现一名ETSU员工点击了网络钓鱼 email that resulted in an unauthorized person having access to her email mailbox. 发现后，ETSU ITS立即禁用了该员工的电子邮件访问权限，重置了 employee’s username and password, and commenced an investigation. As part of the initial 在2018年10月26日的调查中，ITS发现了第二个员工邮箱 affected. Immediately upon discovery, ETSU ITS disabled the second employee’s email 访问，重置员工的用户名和密码，并开始调查.

由于两名员工的工作职责性质，员工的电子邮件邮箱 包含了其他大学员工的个人信息. ETSU takes the privacy and security of personal information very seriously. Out of 出于谨慎考虑，ETSU决定通知所有可能受影响的员工 这一事件使员工能够采取措施保护自己的个人信息.

At this time we do not know that anyone’s personal information was actually accessed. We do know that there 是否有一段时间未经授权的人有机会访问 employees’ emails. Employees whose personal information was contained in either of the mailboxes have been notified directly with instructions.

目前，我们知道一个未经授权的人访问了这两名员工的 email mailboxes after the employees clicked on a phishing email. We do not 了解员工邮箱中包含的个人邮件是否真实 accessed. Employees whose personal information was contained in either of the mailboxes have been notified directly with instructions.

目前的调查结果表明，这些员工的电子邮件信箱中含有 包含员工姓名的电子邮件，社会保险号码和员工的 spouses and dependents, and other personal information. Employees whose personal information 是否包含在任何一个邮箱中都有直接通知指示.

There is no evidence that other ETSU systems were compromised. The ETSU network and systems, 包括Banner, D2L以及其他财务和学生信息系统 secure. Investigative findings indicate exposure is limited to the contents of two employees’ email mailboxes. Again, we do not know that the contents of the employees’ emails were actually accessed, just that the potential for access existed.

如果ETSU发现了你家庭中其他人的个人信息， 否则，被包含在任何一个邮箱中，他们的名字将被列出 on the notice you received. Because ETSU does not maintain mailing addresses or emails 对于这些人，我们已经在信中指示你通知他们 of this incident and the resources ETSU is providing. If there are any questions please call: 423-439-3338 Monday through Friday between 8am and 4:30pm.

This incident was self-discovered. An ETSU employee reported receiving a suspicious email from another ETSU employee on October 17, 2018. That same day, ETSU ITS identified 并立即采取行动保护ETSU员工的信息 data.

因为可能会暴露包括社会保障在内的个人信息 numbers, ETSU strongly encourages employees to take immediate action. Employees whose 两个邮箱中包含的个人信息已被直接通知 with instructions.

每个人都应该时刻保持警惕，监控信贷、银行和其他金融机构 transactions. You can request and receive one free credit report every twelve months from each of the three national credit bureaus. In today’s cybersecurity environment, it is best practice for everyone to continually monitor their accounts each year. For more information on free credit reports, see http://www.consumer.ftc.gov/articles/0155-free-credit-reports.

When you receive your credit reports, review them carefully. If you find any items 如果您的报告上有不明白的地方，请按上面给出的电话号码致电信用局 the report. Credit bureau staff will review your report with you.

You may wish to consider requesting a fraud alert on your credit bureau records. Requesting 欺诈警报是免费的，可以使身份窃贼更难开设账户 in your name. A fraud alert is a message that credit issuers receive when someone applies for new credit in your name. The message tells creditors that there is possible 与欺诈相关联的帐户，并提醒他们在发行新的之前与您联系 credit.

您可以在以下三个主要信用机构中的任何一个与欺诈部门联系:

• Trans Union: 1-800-680-7289 (http://www.transunion.com)
• Experian: 1-888-397-3742 (http://www.experian.com)
• Equifax: 1-888-766-0008 (http://www.equifax.com)

一旦一个信用机构确认了你的欺诈警报，其他两个信用机构 will be automatically notified to place fraud alerts.

您应该意识到，欺诈警报可能会使您更难获得 信用或处理金融交易，你应该谨慎行事 so. While it will not affect your credit, it will slow down the credit application process.

更多信息和说明可在联邦贸易委员会的 website: http://www.consumer.ftc.gov/articles/0275-place-fraud-alert

You may wish to consider activating a credit or security freeze. Requesting a fraud 或者安全冻结是免费的，可以限制访问你的信用报告，这可能 make it more difficult for identity thieves to open new accounts in your name.

To place a freeze, contact each of the nationwide credit bureaus:

• Equifax: Equifax.com/personal/credit-report-services 1-800-685-1111
• Experian: Experian.com/help 1-888-EXPERIAN (888-397-3742)
• Transunion: TransUnion.com/credit-help 1-888-909-8872

更多信息和说明可在联邦贸易委员会的 website: http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

如果你在信用报告上发现可疑活动或有理由相信你的 信息被滥用，你应该向联邦贸易委员会投诉，网址是http://www.consumer.gov/idtheft or at 1-877-ID-THEFT (438-4338). Your complaint will be added to the FTC's Identity Theft Data Clearinghouse, where it will be accessible to law enforcement agencies for their investigations. The FTC also will advise you on further steps to take in the event your information is being used illegally.

ETSU已经通知了执法部门和相关的州机构. ETSU采用最先进的网络安全技术，如下一代 防火墙、电子邮件安全、反垃圾邮件、反网络钓鱼和反恶意软件工具来保护 its network and systems. ETSU has already implemented a tag and warning system for untrusted external emails. Additionally, we continue to implement and evaluate technology 以及旨在减少人为错误的流程:我们目前正在修订 需要通过电子邮件发送和接收敏感数据的工作流程; 我们正在实现双因素身份验证，我们正在进行评估 required security awareness training for all employees.

你应该限制使用和披露你的社会安全号码，财务 information, and other personal information where it is not required. For example, 如果你的银行账号或个人密码是你的社会安全号码，你应该询问 the bank to give you a different number. Do not use the last four digits of your social 安全号码，你母亲的娘家姓，你的出生日期，或其他个人信息 as a password or password recovery hint. You should never share your ETSU or any other 用户名和密码与任何人共享，您不应该保存或编写这些凭据 in a place where someone can easily access them. You should use, or request to use two-factor authentication when available. You should take a closer look at the email 发件人或浏览器URL，当您被要求提供敏感信息或您的 username and password. For more information on steps you can take to practice good online safety, please visit http://www.stopthinkconnect.org/tips-advice/general-tips-and-advice.

如果你想通过电话和某人谈谈你的问题或担忧， please call: 423-439-3338 Monday through Friday from 8:00 AM – 4:30 PM. The Call Center will be closed Wednesday, November 21, Thursday, November 22, and Friday, November 23.