People who might have been impacted by a February University of Hawaiʻi Cancer Center cybersecurity incident are reminded that deadlines are approaching to enroll in 12 months of free credit monitoring and $1 million in identity theft insurance.
Enrollment codes will no longer work after deadlines pass.
Deadlines
- May 31: Enrollment deadline for people who received Multiethnic Cohort study notification letter codes.
- May 31: Closure of the call center to assist all potentially affected people:
- Kroll Call Center: 844-443-0842
- Hours: 3:30 a.m. to 4 p.m. Monday through Friday
- June 20: Enrollment deadline for people who received email-based Experian enrollment codes.
Cybersecurity incident
The cybersecurity incident involved historical driver’s license and voter registration records — including Social Security numbers — used decades ago to recruit participants for epidemiological research studies.
No information kept by the center’s clinical trials operations, patient care or other divisions was impacted.
Potentially impacted people
Personal information affected by the incident was located in a subset of research files stored on certain servers that support University of Hawaiʻi Cancer Center’s epidemiology research operations, including:
- Two files containing names and birthdates in combination with Social Security numbers: The first, containing driver’s license numbers, was collected in 2000 from Hawaiʻi Department of Transportation; the second, containing voter registration information, was collected in 1998 from the City and County of Honolulu. At that time, driver’s license numbers numbers in Hawaiʻi were typically based on Social Security numbers, and City and County of Honolulu voter registration information also often contained Social Security numbers
- Files for study participants in the long-running Multiethnic Cohort Study, with recruitment for participants in Hawaiʻi and Los Angeles from 1993 to 1996, and three other epidemiological studies of diet and cancer focusing on colorectal adenomas, with recruitment for participants from 1995 to 2007, and colon cancer, with recruitment for participants from 1994 to 2005, which also had Social Security numbers and/or driver’s license numbers in combination with names and birthdates. They might also contain questionnaires and other study information about participant health, as well as information pulled from national and state public health registries.
- Two files that contain Social Security numbers in combination with names collected from national and state public health registries as part of epidemiology research and study recruitment efforts. One file was closed to new names in 1999; the other in the mid-2000s. The impacted files might also contain research registry information about health.
Letters were only mailed to Multiethnic Cohort study participants.
Other potentially-affected people — with valid email addresses available — were sent email notices. The remaining people were notified through notices sent Feb. 27 to major statewide media and on the University of Hawaiʻi Cancer Center website.
People should check their spam folders in all of their email accounts.
Notification emails were sent from notice@krollnotifications.com with the subject line “NOTICE OF DATA INCIDENT.”
Official notification emails were sent between March 16 and 20. Emails received outside this date range should be considered phishing.
People can visit the University of Hawaiʻi Cancer Center Cyberattack Information and Resource website to access support services and additional information.
