Home
General Info
Undergraduate Program
Graduate Program
Faculty & Research
Seashore Clinic
People
PhD Application
About the Department History Awards Events Job Openings In and Around Iowa City

Clinical Research Laboratory Security Incident

On September 19, 2006 it was discovered that a security breach had occurred on a server containing research and contact information for participants of several studies underway at the University of Iowa. These studies were focused in the area of maternal and child health and were conducted by researchers in the Departments of Psychology and Psychiatry.

Below are answers to some frequently asked questions regarding the incident. If you have further questions, please send an email to mike-ohara@uiowa.edu or scott-stuart@uiowa.edu .


Whose information specifically was on the computer?
What happened?
What personal information may have been compromised?
If my information was on the computer, does this mean that I'm a victim of identity theft?
I'd like to know with certainty that my personal information isn't being used by someone else. What can I do?
Will the University of Iowa contact me to ask for private information because of this event?
What steps are you taking to improve the security of personal information on campus computers?
Who should I contact if I still have questions?
Letter to study participants

    ________________________________________

    Q: Whose information specifically was on the computer?

    A: Research and contact information for participants in research studies conducted by Dr. Michael O'Hara, Department of Psychology and Dr. Scott Stuart, Department of Psychiatry between 1995 and the present was stored on the computer.

    Q: What happened?

    A: A computer in a University research center was subject to a computer intrusion. Analysis of the intrusion indicates it was an automated attack designed to obtain a place to store pirated video files for subsequent distribution. There is no evidence that anyone ever gained access to any information on the computer.

    Q: What personal information may have been compromised?

    Contact information including some social security numbers of research subjects were on the computer. It also housed research information based on questionnaires and interviews that were completed, however the research information was located in files that require special software to open and which is coded to prevent directly connecting it to any individual. We are very confident that even if someone were to view the files, that the research information is secure.

    Q. If my information was on the computer, does this mean that I'm a victim of identity theft?

    A. No. We have no evidence that anyone obtained access to the computer or any of the information it contained, or that you are at risk. The University of Iowa feels it is important to inform all persons whose information was on the computer about what happened and to make sure they have the opportunity to take additional precautions to protect their identity.

    Q. I’d like to know with certainty that my personal information isn’t being used by someone else. What can I do?

    A. The best way to protect yourself is to place a fraud alert on your credit files and reviews your credit reports, which you can obtain from one of three major credit bureaus: Equifax, Experian and Trans Union. If you notice accounts on your credit report that you did not open or applications for credit ("inquiries") that you did not make, these could be indications that someone else is using your personal information, without your permission. Please visit http://www.consumer.gov/idtheft for more information

    Q. Will the University of Iowa contact me to ask for private information because of this event?

    A. No. The University is mailing letters to the affected individuals and will not otherwise contact you, nor will we ask for any personal information from you. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.

    Q. What steps is The University of Iowa taking to improve the security of personal information on campus computers?

    A. An in-depth security review is being performed on the computer system to ensure all applicable security precautions are being applied, before the system is brought back online. In addition all historical research information is being archived from the system, and all participant contact information is being moved to a computer that is not connected to the Internet.

    Q: Who should I contact if I still have questions?

    You should contact Dr. Michael O'Hara in the Department of Psychology at 319-335-2460 (mike-ohara@uiowa.edu) or Dr. Scott Stuart in the Department of Psychiatry at 319-353-4230 (scott-stuart@uiowa.edu). You may also contact the University of Iowa’s Institutional Review Board through Martha Jones by calling 319-335-6564 (martha-f-jones@uiowa.edu).


    © The University of Iowa 2003. All rights reserved.