Overview
The University of Richmond Information Security Department maintains threat intelligence services that continuously monitor the Internet and dark web for occurrences where credentials associated with an account using an "@richmond.edu" email address have been "leaked" or exposed. This is most often related to a security breach at a non-UR service provider, such as a streaming video service, website or retail vendor, where a person has established an account using their University of Richmond email address. When we are notified of such an occurrence, Information Security will send an email notification from infosec@richmond.edu to impacted users.
Details / Instructions
If you receive an email notification that an account using your "@richmond.edu" email address was involved in a security breach, please take the following actions:
- Reset the password for the account at the service provider associated with the breach. The notification you receive will include the name of the service. Ensure the password is strong and unique. Do not use the same password that you use for any other service.
- If you need help managing strong, unique passwords, the University of Richmond offers LastPass, a password manager tool, for free to all current students, faculty, and staff.
- Enable multifactor authentication for the account if that security feature is available through the service provider. Most major services now offer their customers an MFA option to protect their accounts.
- If you used the same password for this service as you use for your University of Richmond or any other accounts, change the passwords for those services immediately.
Please contact the Information Security Department (infosec@richmond.edu) if you have questions or concerns regarding a notification.
See Also
LastPass Service Article
Multifactor Authentication Information
UR Password Policy