The UC Merced Information Security team recently learned that the names, Social Security numbers, and other personal information of some members of the UC Merced community have been used to open unauthorized bank accounts at a number of financial institutions, including Capital One, Chime, Go2Bank, SoFi, Spendwell, and possibly others. Affected UC Merced community members are receiving emails from these institutions that ask them to confirm the new account by clicking a link in the email.
Based on the information we have, we do not believe that these accounts have been created as a result of a new compromise to UC Merced accounts. Instead, we suspect that the personal information being used to create these unauthorized accounts was obtained as a result of prior external data breaches in non-UC Merced information systems.
What you can do to protect yourself against this attack:
Watch out for suspicious communications - Be on the lookout for emails or physical mail notifications suggesting an account that you do not recognize has been opened. These may come in different forms, such as a notification of a new account, a request to confirm your email address, or physical debit/credit cards sent to your home address.
Alert UC Merced Information Security - If you receive an email from a financial institution asking you to confirm a new bank account you do not recognize, do not click any links in the email. Instead, forward the email to infosecurity@ucmerced.edu.
Close Any Unauthorized Accounts - If you believe an account has been opened without your permission, contact the company immediately and inform them that you believe someone has fraudulently opened an account in your name. Ask the company to close the account and confirm the closure with you once complete.
What you can do to protect yourself generally:
Monitor and set up banking alerts: Monitor your bank account(s) for suspicious transactions and report them to your bank. Ask your bank to set up online monitoring and alerts on your account.
Place a fraud alert or a freeze on your credit file: If you were impacted by this attack, we recommend that you place a fraud alert on your credit file with one of the three nationwide credit bureaus. If you were not impacted by this attack, you can still easily "freeze" and "unfreeze" your credit with each of the bureaus to stop unwanted financial transactions.
- Equifax: https://www.equifax.com/personal/
- TransUnion: https://www.transunion.com
- Experian: https://www.experian.com/
Sign up for credit monitoring: If you haven’t already done so, sign up for the Experian credit monitoring service offered by the University of California.
Protect your personal information: These five rules for protecting your personal info will help you keep your identity more secure.
Be prepared to combat identity theft: This resource for how to combat identity theft will help you be prepared should you be affected by fraudulent activity in the future.
- Image by macrovector_official on Freepik