Background – A “data breach notification” email went to customers today from a Security Analyst in the Information Security office.
A service called CloudFlare was impacted.
Per standard procedure, please call the customer first. If you don’t connect with them, leave a voicemail and send them the e-mail template.
Ticket update / e-mail template
That has been added to the ticket update templates under “Spam/phishing” called “Data breach 2-24-2017”
The contents of that e-mail template is below. A standard response for discussions with customers/e-mail template is below.
As expressed in the voice mail I left you, this is a legitimate concern. The message about “data breach” is legitimate.
A key common technology used by the list of websites you saw in the email was compromised. We recommend changing the passwords on those sites if you use *any* of them. Our previous message by no means implies you use all of those sites, you do probably use at least one of them.
If used the same password for any other account, including your Oregon State account, please change your password for those accounts as well.
Please give us a call if you have questions or need further information.
The master ticket is here:
Please link tickets to it.