Oklahoma State University: The STATE's University
Visit the OSU Home Page

Frequently Asked Questions

General

Q. If my information was among the files exposed or stolen, does this mean that I'm a victim of identity theft?
A. No. The fact that someone may have had access to your information doesn't mean you are a victim of identity theft or that they intend to use the information to commit fraud. We wanted to let you know about the incident so that you can take appropriate steps to protect yourself. The best way to protect yourself is to place a free fraud alert on your credit files and review your credit reports. But you also should carefully review any bills or financial transactions you receive in the near future to ensure that the charges associated with your accounts are accurate.

Q. How will I know if any of my personal information was used by someone else?
A. The best way to find out is to obtain your credit reports from the three major credit bureaus: Equifax, Experian and Trans Union. If you notice accounts on your credit report that you did not open or applications for credit ("inquiries") that you did not make, these could be indications that someone else is using your personal information, without your permission.

Q. Do I have to pay for the credit report?
A. No. You are entitled to receive one free credit file disclosure every 12 months from each of the nationwide consumer credit reporting companies - Equifax, Experian and TransUnion. This free credit file can be requested at https://www.annualcreditreport.com/cra/index.jsp, by phone or by mail.

Q. How else can I request my free annual credit file disclosure?
A. If free credit reports are available in your state through the Annual Credit Report Request Service, you can request a free annual credit report by phone or mail and it will be mailed within 15 days. Or you can receive a report immediately by visiting https://www.annualcreditreport.com/cra/index.jsp, which also provides information on how to request a free annual credit report by phone or mail.

Q. Should I order all my credit file disclosures at one time or space them out over 12 months?
A. You are entitled to receive one free credit file disclosure every 12 months from each of the nationwide consumer credit reporting companies through the Central Source. It is entirely your choice whether you order all three credit file disclosures at the same time or order one now and others later. The advantage of ordering all three at the same time is that you can compare them. (However, you will not be eligible for another free credit file disclosure from the Central Source for 12 months.) On the other hand, the advantage of ordering one now and others later (for example, one credit file disclosure every four months) is that you can keep track of any changes or new information that may appear on your credit file disclosure. Remember, you are entitled to receive one free credit file disclosure through the Central Source every 12 months from each of the nationwide consumer credit reporting companies - Equifax, Experian and TransUnion - so if you order from only one company today you can still order from the other two companies at a later date.

Q. What is a fraud alert?
A. A fraud alert is a message that credit issuers receive when someone applies for new credit in your name. The message tells creditors that there is possible fraud associated with the account and gives them a phone number to call (yours) before issuing new credit. When you call the credit bureau fraud line, you will be asked for identifying information and will be given the opportunity to enter a phone number for creditors to call. Detailed information on requesting such an alert is located near the end of the Resources page of this website.

Q. What should I look for on my credit report?
A. Look for any accounts that you don't recognize, especially accounts opened recently. Look at the inquiries or requests section for names of creditors from whom you haven't requested credit.

Note that some kinds of inquiries, labeled something like "promotional inquiries," are for unsolicited offers of credit, mostly from companies with whom you do business. Don't be concerned about those inquiries as a sign of fraud. (You are automatically removed from lists to receive unsolicited pre-approved credit offers when you put a fraud alert on your account. You can also stop those offers by calling 888-5OPTOUT.)

Look in the personal information section for addresses where you've never lived. Any of these things might be indications of fraud. Also be on the alert for other possible signs of identity theft, such as calls from creditors or debt collectors about bills that you don't recognize, or unusual charges on your credit card bills.

If you find items you don't understand on your report, call the credit bureau at the number given on the report. Credit bureau staff will review your report with you. If the information can't be explained, then you will need to call the creditors involved and report the crime to your local police or sheriff's office.

Q. What happens if I find out that I have been a victim of identify theft?
A. You should immediately notify your local law enforcement agency, contact any creditors involved and notify the credit bureaus.

Q. I called the credit bureau fraud line and they asked for my Social Security number. Is it okay to give it?
A. The credit bureaus ask for your Social Security number and other information in order to identify you and avoid sending your credit report to the wrong person. If, however, you are contacted by individuals claiming to represent the University regarding this or some other security incident, and who then proceed to ask for personal information, we recommend caution. Please be aware that OSU will only contact you with information regarding steps you should take to prevent possible fraud or identity theft; or if you ask us, by email or telephone, for information. We will not ask for your full Social Security number. We will not ask for credit card or bank information. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.

Q. Do I have to call all three credit bureaus?
A. No. If you call just one of the bureaus, they will notify the other two. A fraud alert will be placed on your file with all three and you will receive a confirming letter from all three.

Q. Why can't I talk to someone at the credit bureaus?
A. You must first order your credit reports. When you receive your reports, each one will have a phone number you can call to speak with someone in the bureau's fraud unit. If you see anything on any of your reports that looks unusual or that you don't understand, call the number on the report.

Q. How long does it take to receive my credit report?
A. It could take about 20 days from the day you call the credit bureaus. It takes about 5 to 10 days from the time you call the credit bureaus to get your fraud alert confirmation letter with instructions on ordering your credit report. You should receive your reports in another 5 to 10 days from the time you order them.

Q. How long does a fraud alert last?
A. An initial fraud alert lasts 90 days. You can remove an alert by calling the credit bureaus at the phone number given on your credit report. If you want to reinstate the alert, you can do so. If you are the victim of identity theft, you can place an Extended Fraud Victim Alert on your report by submitting a copy of a valid identity theft report that you have filed with a federal, state or local law enforcement agency. An Extended Alert will remain on your report for seven years.

Q. Will a fraud alert stop me from using my credit cards?
A. No. A fraud alert will not stop you from using your existing credit cards or other accounts. It may slow down your ability to get new credit. Its purpose is to help protect you against an identity thief trying to open credit accounts in your name. Credit issuers get a special message alerting them to the possibility of fraud. Creditors know that they should re-verify the identity of the person applying for credit.

Q. Can I still apply for credit after I place a fraud alert on my credit report?
A. You should still be able to get credit. While a fraud alert may slow down the application process, you can prove your identity to a prospective creditor by providing identifying information.

Q. Should I contact the Social Security Administration and change my Social Security number?
A. The Social Security Administration very rarely changes a person's SSN. And the mere possibility of fraudulent use of your SSN would probably not be viewed as a justification. There are drawbacks to doing so. The absence of any history under the new SSN would make it difficult to get credit, continue college, rent an apartment, open a bank account, get health insurance, etc. In most cases, getting a new SSN would not be a good idea.

Q. Should I close my bank account?
A. No, we did not have any bank account numbers on file. (As a general privacy protection measure, you should limit the use of your SSN where it's not required. For example, if your bank account number or PIN is your SSN, you should ask the bank to give you a different number. Do NOT use the last four digits of your SSN as a password for financial transactions.)

Q. Should I close my credit card or other accounts?
A. No, no account number information was among the items of personal information compromised in the breach. (As a general privacy protection measure, you should always look over your credit card bills carefully to see if there are any purchases you didn't make. If so, contact the card company immediately.)

Q. Will OSU contact me to ask for private information because of this event?
A. In similar cases at other institutions, people have reportedly been contacted by individuals claiming to represent the University and who then proceed to ask for personal information, including social security numbers and/or credit card information. Please be aware that OSU will only contact you with information regarding steps you should take to prevent possible fraud or identity theft; or if you ask us, by email or telephone, for information. We will not ask for your full Social Security number. We will not ask for credit card or bank information. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.

Q. I receive e-mails from E-Bay, PayPal, and other online resources including banks, does this mean my identify has been stolen?
A. No, these types of fraudulent e-mails have been around for many months and are not related to the theft of your identity. However, always be on the lookout for these types of fraudulent e-mails. Don't give out personal information on the phone, through the mail or over the Internet unless you've initiated the contact or are sure you know who you're dealing with. Identity thieves may pose as representatives of banks, Internet service providers (ISPs) and even government agencies to get you to reveal your SSN, mother's maiden name, account numbers, and other identifying information. Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization's website by typing its URL in the address line, rather than cutting and pasting it. Many companies post scam alerts when their name is used improperly. Or call customer service using the number listed on your account statement or in the telephone book. For more information, see http://onguardonline.gov/phishing.html

Q. Why did you have my personal information?
A. You provided this information to us when you applied to Oklahoma State University, or during your tenure as a student or employee here. Oklahoma State, like other institutions, maintains records of all employees and students who have attended the University.

Q. Didn't OSU quit using Social Security Numbers after the laptop incident?
A. Each student is assigned an eight-digit campus-wide identification number (CWID) when they apply to OSU. The student’s SSN is still retained for admission and financial aid purposes but is not used as the primary identifier. When faculty and staff are entered into the human resources system, they are also assigned a CWID. The SSN is retained for payroll purposes but is not used as the primary identifier.

OSU is identifying systems that continue to use the SSN as the primary identifier. These systems will convert to using the CWID. Some departments are required to use the SSN for federal reporting of information. In instances where the SSN is required, encryption and hardware firewalls will be implemented to protect the personal information.

The State's University
Oklahoma State University - Stillwater | Stillwater, OK 74078 | 405.744.5000
Copyright © 2006 Oklahoma State University | All rights reserved