Colleagues,
University of California officials recently shared an important announcement regarding fraudulent activity affecting a limited number of UC Retirement Savings Program accounts managed by Fidelity Investments. Fidelity’s cybersecurity team has indicated that they have identified the issue and have taken immediate steps to protect affected accounts, including calls to the known affected participants. We want to ensure you are informed about these incidents so you can take appropriate preventive action. Read the full announcement.
Please consider taking the following actions, some specific to Fidelity and others more broadly protective:
- Review your Fidelity account regularly. Ensure your contact information and financial statements are accurate, including transaction history, bank, and tax information. Review both your UC workplace account (at www.netbenefits.com) and any personal Fidelity retail accounts (at www.fidelity.com). Pay close attention to your profile information, especially mobile numbers and emails associated with multi-factor authentication (MFA) and account alerts. Fidelity will notify you of any profile changes.
- Report any concerning issues to Fidelity. If you notice any unusual activity or unauthorized changes, contact Fidelity immediately at 866-682-7787. Reference the recent news from UC and the fact that there is concerning or questionable activity or personal information on your account that you do not recognize.
- Be aware of Fidelity’s customer protection guarantee, regarding any unauthorized account activity.
- View Fidelity’s safety resources includingthis useful security checklist.
- Use UC Berkeley’s Duo Mobile multi-factor authentication application. You can add Duo to multiple online accounts for another layer of protection. Always follow best practices to keep your Duo activity safe. Clicking the green check mark remains the safest option for these push notifications.
- Be alert to phishing. When receiving emails or text messages, confirm the sender using known contact information or report it as a potential phishing attack. Bookmark the Phish Tank to see examples of the latest phishing attacks.
- Stay up-to-date on the annual UC Cyber Security Awareness Fundamentals training. Access cybersecurity training in the UC Learning Center to renew or revisit important safety precautions.
Thank you for your attention to this matter. Please know that we will continue to work with Fidelity and UC officials to monitor the response to this threat and strengthen measures to help discourage additional attacks.
Sincerely,
Tracy Schroeder, Associate Vice Chancellor for IT and Chief Information Officer
Allison Henry, Chief Information Security Officer
This message was sent to all UC Berkeley faculty and staff. If you are a manager who supervises UC Berkeley employees without email access, please circulate this information to all.