A group of 335 current and former University of Colorado employees received letters last week notifying them that the university is investigating irregularities in the way some employee W-2 records were accessed through a Web-based portal.
The irregularities were detected through a myCU Portal application that enables employees to download electronic copies of their W-2s. Those affected include current and former employees on all four CU campuses, CU system security officials said.
Officials said a credit-monitoring service would be provided for one year at no cost to all employees affected by the situation. Anyone who received a letter is being advised to contact a CU Payroll & Benefit Services counselor firstname.lastname@example.org to learn more about how to sign up for the service.
"The irregular activity is limited, but we decided to err on the side of caution in notifying employees," said Assistant Vice President William Walker IV, the university's chief information security officer. "We take our employees' privacy very seriously."
Walker said CU security officials are conducting an analysis of the W-2 data to determine if they were accessed for legitimate business purposes or for malicious reasons between Feb. 19, 2009, and Jan. 25, 2010.
Once the irregularities were discovered, university system data security officials immediately disabled the application and removed a potentially vulnerable access point before restoring service, he said.