UC recently learned that names, Social Security numbers and other personal information of some members of the UC community are being used to open unauthorized bank accounts at financial institutions named Chime and Go2Bank. We do not believe UC accounts have been compromised, and we suspect the personal information being used to create these unauthorized accounts was obtained from prior data breaches. Affected UC community members are receiving emails from these institutions asking them to confirm the new account by clicking a link in the email.

What individuals can do to protect themselves against this attack

• Watch out for suspicious communications from Chime/Go2Bank: Be on the lookout for email or physical mail notifications suggesting an account that you do not recognize has been opened. These may come in different forms — notification of a new account, requests to confirm your email address, or physical debit/credit cards sent to your home address.
  
  **Anyone receiving an email from Chime or Go2Bank asking them to confirm a new bank account they do not recognize should not click any links in the email itself, and should then forward the email to their local information security office.
   
• Promptly close unauthorized accounts: If you believe an account has been opened without your permission, contact the company immediately and inform them that you believe someone has fraudulently opened an account. Ask the company to close the account and confirm the closure with you once complete. Individuals may contact Chime at 844-244-6363 and support@chime.com. Individuals may contact Go2Bank at 855-459-1334 or by using one of the methods listed at https://www.go2bank.com/help/contact-us. 

What individuals can do to protect themselves generally

Because of the way Chime and Go2Bank accounts are initiated the suggestions below will not directly help in this particular case, but are nevertheless good general advice and can help with a myriad of other cyberattacks. 

• Monitor and set up alerts for bank account(s): Monitor bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account.
   
• Place a fraud alert on your credit file: We recommend impacted individuals place a fraud alert on their credit file by contacting one of the three nationwide credit bureaus listed below. If a fraud alert is placed on a consumer’s credit file, certain identity verification steps must be taken prior to extending new credit.
  • https://www.equifax.com/personal/ 
  • https://www.transunion.com 
  • https://www.experian.com/
     
• Sign up for credit monitoring: If they haven’t already done so, we recommend impacted individuals sign up for the Experian credit monitoring service being offered by UC. 
   
• Reminders for protecting personal information: Here are five rules for protecting one’s information. In addition, individuals may take additional identity theft measures described at https://www.identitytheft.gov/databreach

What UC is doing

• UCOP will continue to communicate with Chime and Go2Bank to learn more about this incident, and work with them to monitor accounts associated with UC email addresses. 
   
• UCOP is reaching out to the relevant law enforcement agencies.
   
• UCOP is monitoring systems to determine whether there are additional similar communications from these or other institutions.
   
• UC Riverside is adding a banner to highlight anytime a Chime or Go2Bank email comes into a UCR mail box to increase awareness of potential fraudulent activity.
   
• UC Riverside is alerting those that have already received these emails, with guidance to ensuring the accounts are legitimate, or instructions on how to close the accounts.
   
• UC Riverside is communicating broadly to the campus community regarding this attack.