Vendor Breaches and Account Compromises

Vendor Breaches and Account Compromises

Internet vendors will, at times, suffer data breaches.  Sometimes the service will attempt to contact it’s account holders and other times it won’t.  Often, after some time has passed, the malicious actors who stole the original data or others who have acquired it in the meantime will release it publicly.  UMBC’s Division of Information Technology (DoIT) subscribes to a service called HaveIBeenPwned which looks for such public releases and searches them for email addresses ending in @umbc.edu.

For example, if you registered for a member’s discount card with Giant Food or signed-up for online banking and entered your email address as myname@umbc.edu,  DoIT may receive notification if a publicly released breach included that email address.  This does NOT automatically mean that your UMBC account was compromised.  If you use a different password on your Giant account than you use on your UMBC account, then your UMBC account is still secure.

If DoIT determines that your UMBC account has been compromised (or if we are unable to determine that it hasn’t), your password will be replaced with a random string of text.  You will also receive email in your Password Reset Email account (not your primary UMBC account) notifying you of the password change. 

DoIT has no way of knowing what the new randomized password is, but you can recover access to your account by going to the MyUMBC login page and selecting “Forgot your password?” (see image below).  You will then need to answer the security questions you set up for your account.  After answering correctly, a link will be sent to your designated Password Reset Email account.  If you have trouble with this, the Technology Support Center (https://doit.umbc.edu/tsc/, 410-455-3838) can assist you.