"Agent of Change" Incident
- What should I do now?
- How did this happen?
- What is a data breach?
- Did the intrusion affect the university’s data network?
- Has my identity been stolen?
- Do they have access to my Social Security number?
- What is a phishing attempt?
- Should I expect more phishing scams now?
- Who was affected?
- What is Agent of Change?
- What is We End Violence?
- What is being done to fix the problem?
- Will this affect my registration?
- Do I need a new Bronco ID?
- When did you find out about this?
- Why am I finding out about this a week later?
- Are you ever going to use this company again?
- Will I have to take the training again with the new company?
We strongly recommend you take the following steps to protect your identity and personal information:
- Change your Bronco password immediately by visiting the Identity Management Services page.
- Update any other personal accounts where you may have used the same password.
- Be aware of phishing attempts and follow the suggestions on the IT Service Desk’s Phishing page
- Never provide a user ID or password in email.
- Never reply to emails asking you to send personal or financial information
- Expect to receive additional information from the third-party vendor, We End Violence, which provided the Agent of Change training.
There was an unauthorized intrusion into the network of the third-party vendor, We End Violence. The vendor supplied “Agent of Change” sexual assault prevention training class to our campus.
A data breach is an incident in which an unauthorized individual gains access to private information on a computer network.
No. The intrusion occurred only on the network of the third-party vendor, We End Violence, which provided the Agent of Change training.
No Social Security numbers, driver’s licenses or credit card information was compromised. The data involved is: Student name, Bronco ID, email address, the Agent of Change user ID (set by the student), and the Agent of Change password (set by the student). In addition, there was an optional survey that asked questions about students’ characteristics.
No. Social Security numbers were not used in the sign-up process for Agent of Change. However, if you used the same password for Agent of Change as you use on other personal accounts, those accounts could be vulnerable. We recommend you change the passwords on those accounts as well.
Phishing is an attempt to acquire sensitive personal or financial information, such as user names, passwords and credit card information, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. For more information about phishing, visit our Phishing page.
We always advise our students to be vigilant against phishing scams, which can be attempted even when there has not been a data breach.
The breach has affected seven CSU campuses At Cal Poly Pomona, the number of students who may have been affected is 19,658.
Agent of Change is the name of a sexual assault prevention training class provided by a third-party vendor, We End Violence. Sexual assault prevention training was required by state law for all students enrolled in spring quarter 2015.
We End Violence is the third-party vendor contracted with the CSU to provide the sexual assault prevention class. The name of their class is Agent of Change.
Cal Poly Pomona is working with the Information Security Office at the Office of the CSU Chancellor and the vendor to ensure this matter is resolved as swiftly as possible. We are asking students who signed up for the Agent of Change course to change their password immediately by visiting the Identity Management Services page. Passwords that have not been changed will expire after 90 days.
No. This will have no effect on your registration.
You do not need a new Bronco ID. Changing your Bronco password will ensure your student accounts are secured.
The CSU was informed about a possible breach on Friday, Aug. 28.
Cal Poly Pomona worked to notify students as quickly as possible. Due to the size of the breach and because it happened on the network of a third-party vendor, the university needed to first investigate and determine who was affected.
No. Cal Poly Pomona has switched to another provider of sexual assault prevention training for future classes.
If you already completed your training through Agent of Change during spring quarter, you will not be required to retake it this year.