Protecting Your Identity: Next Steps after UofM Data Breach

Protecting Your Identity: Next Steps after UofM Data Breach

January 25, 2024

As most people affiliated with the University of Michigan already know, UofM was subject to a significant data breach in August of 2023. This breach impacted students, applicants, alumni, donors, employees, and contractors. For those impacted, the security that may have been stolen includes social security numbers, driver’s licenses, financial accounts or payment card numbers, and health information.

Although I know UofM has worked diligently to remedy the impacts of this attack, I consider this an opportunity for everyone to take action to protect their own information. Here are a few things you may want to consider:

  1. Identity monitoring tools

The most beneficial thing you can do moving forward is to maintain a heightened level of awareness of your personal data. Since most of us are busy with work and family, it can be helpful to utilize a 3rd party to oversee this information.

If you were subject to this data breach, you would have most likely received a letter in the mail in October 2023 with a link to enroll in free coverage through IDX for 12 months. As with most data breaches, the free coverage provided is often not the most comprehensive version available. For more complete coverage, you may want to find additional protection.

If you are employed by UofM and are actively enrolled in the UofM Legal Plan, I would also encourage you to consider utilizing their included offering, Aura. This solution may be more beneficial as it covers three credit bureaus instead of the one bureau covered through IDX. This will also provide ongoing coverage once IDX coverage expires after 12 months.

  1. Freezing credit files

In my experiences, I have found identity monitoring tools beneficial in catching breaches to your data quickly and assisting with correcting the issues. The challenge is that these cannot necessarily stop all breaches from happening. Going through the steps of freezing your credit files can assist with preventing certain types of fraud from occurring in the first place.

When your credit file is frozen, an identity criminal is unable to open a new debt in your name because they will be stopped at the point of running your credit report. It is simple to unfreeze and re-freeze your files in the future when you need to apply for a new debt personally.

All three credit bureaus provide the option of freezing your credit online at these sites below:

                Experian                             Equifax                               Transunion

  1. Reviewing bank account activity

As previously noted, the breach may have included bank accounts you have connected to UofM. Although closing your bank account may not always be a feasible solution, I often recommend checking your account transaction history several times per week. When an identity criminal is working to hack into your bank account, they will often start with a small transaction amount to test that the connection is working. If that transaction clears without any issues, they will begin transferring larger sums. If you can notice that initial small transaction quickly, you have a greater opportunity to call your bank to put a fraud alert on your account before further funds are withdrawn.

  1. Reissuing credit cards

If you feel you may have had a credit card linked through UofM, you may want to consider having your credit card reissued. I know it can be a tedious task to update your credit card information with all linked accounts, but if you feel you may be at a heightened risk after this breach, you may want to consider taking these next steps.

In this ever-evolving environment we live in of new data breaches being announced daily, I believe these initial steps are worth implementing to protect your information. Although as consumers, we cannot stop our affiliated institutions from being breached, we can work to prevent anyone from utilizing our information.  


We are not cybersecurity experts. There is no guarantee these steps will prevent any and all data breaches of your personal information.

We are not affiliated, associated, authorized, endorsed by, or in any way officially connected with the University of Michigan, or any of its subsidiaries or its affiliates.