Identity Theft and a Compromised Lafayette NetID

Your Lafayette NetID allows you to access Lafayette email, Google Workspace, Self-Service Banner, and numerous other systems and services. A NetID is valuable to both you and an attacker. Attackers use compromised accounts to access email and send spam. If you are an employee and your NetID is compromised, an attacker could also access your My Drive and Shared drive files, pay stubs, benefits information, and other sensitive information. If you are a student and your NetID is compromised, an attacker could access your course schedules, grades, and financial aid information. Two-step login has greatly reduced the number of compromised NetIDs. But there are additional steps you can take to protect yourself and your information.

Protecting Yourself

To protect your NetID and your personal information:

• It is imperative that you not share your NetID password with anyone at any time. Help Desk and ITS staff will never ask you for it.
• Use strong passwords, keep them private, and change them often
• Avoid reusing your Lafayette NetID password for other accounts
• Only approve requests for two-step login that you initiated
• Keep your two-step login passcodes and bypass codes secure. Do not share them with anyone at any time.
• Guard against phishing scams by not responding to emails, phone calls, or other unsolicited requests for your personal information
• Store sensitive physical documents securely and dispose of them properly, e.g., by shredding them, not putting them in the recycling bin
• Keep your computer secure by staying current with updates through Software Center on your Lafayette-owned computer. When you step away from your computer, lock the screen so a password is required to use it.

Compromised NetID

Should your NetID be compromised, take appropriate action depending on the type of breach:

• If there was a minor disclosure of your password, e.g., you inadvertently typed it in the username field and a colleagues saw it, change your password using the password change utility
• If you have reason to believe that an unknown party has your password, e.g., either because you responded to a phish or you reused your NetID password for another account and received notice the service was breached, change your password as soon as you are aware and contact the Help Desk immediately at help@lafayette.edu or (610) 330-5501.

Stolen Identity

ITS cannot help in cases of identity theft, but there are resources that can help.

• For stolen credit or debit cards, contact your credit card company and bank. Review your credit report.
• For a stolen Social Security number, contact the Federal Trade Commission and any of the three major credit reporting agencies (Equifax, TransUnion, and Experian).
• Useful resources:
  • Federal Trade Commission (FTC)
  • US Department of Justice
  • AnnualCreditReport.com