On Sunday, July 19, 2020, computing servers in a college at the University of Utah experienced a security incident. The university has notified appropriate law enforcement entities and the U's Information Security Office (ISO) is actively investigating the matter.
As a precautionary measure, on July 29, 2020, students, staff and faculty at the U were directed to change their university passwords under certain conditions.
The university cannot offer further details on the nature of this incident or the scope of its ramifications, pending the conclusion of the active investigation.
In the meantime, the university is working to protect the data of its faculty, staff and students and identify steps to further strengthen IT security.
Email sent to all University of Utah faculty, students and staff
The University of Utah is aware of a recent serious information security incident and is currently investigating. More information about the incident will be distributed when it becomes available.
As a precaution, staff, faculty, and students who are not University of Utah Health employees or Epic users will be required to change their uNID passwords by Wednesday, August 5, 2020.
Important note for U of U Health employees and Epic users: You should not change your uNID password at this time. Changing your password at this time could disable your ability to use the IT systems and applications you need to do your work.
We will notify you when the password change requirement takes effect for you. In the meantime, other security safeguards are in place to protect your account and associated data.
Notes for main campus users:
- If you recently changed your uNID password (after Sunday, July 19, 2020) you do not need to change your password again before August 5.
- If your local IT support staff has asked for a delay implementing the password change requirement for your organization, they will contact you prior to July 29 and instruct you to refrain from changing your password at this time.
- After August 5, main campus users who have not changed their password will automatically be prompted to change it the next time they log in to a university system that requires uNID/CIS password authentication.
Main campus instructions for changing the uNID password prior to August 5, 2020:
- Important: To avoid being locked out of university IT systems, prior to starting the change process please log out of all university applications and services (e.g., Outlook and UConnect) on all computers and devices that automatically log in to university systems or services (or shut them down). This initial step will help prevent account lockout that may be caused as multiple computers/devices continue to attempt to log in using the old password.
- Review uNID password requirements and guidelines.
- Follow instructions to reset or change your uNID password.
If you’ve forgotten your uNID password and cannot log in to CIS, please visit this IT Knowledge Base article for instructions on how to reset it.
We encourage everyone, including U of U Health staff, to update their IT security questions and answers. Campus and U of U Health IT help desks rely on security profiles to verify user identities before making changes to accounts.
To update your security profile:
- In CIS, search for and select the "Change Your Security Information" tile.
- You will be prompted to select questions from the dropdown menus on security questions 1 and 2. Enter your corresponding answers in the empty fields and if necessary, make note of the answers for your records.
- Select the "Save" button.
If you have questions, your local IT support staff may be able to assist, or you may contact your respective central IT help desk: