Commonwealth University Notifies 2,158 Physician Assistant Portal Users Affected by Data Breach

On Jan. 19, 2023, Commonwealth University of Pennsylvania (CU) learned of a possible data breach at Commonwealth University-Lock Haven. A cyber forensics investigation confirmed that personally identifiable information of 2,158 Physician Assistant Portal (PA Portal) users was compromised.

Once the breach was discovered, the PA Portal was immediately shut down and no access was available for anyone other than the Commonwealth University Cybersecurity team. An immediate investigation was conducted to determine the elements of the breach.

Commonwealth University has contracted with Identity Theft Guard Solutions Inc. (“IDX”) to offer one year of free IDX Identity Protection Services, which includes credit monitoring with the three major credit bureaus, CyberScan Dark Web monitoring, identity theft insurance, and fully managed identity restoration.

Additionally, through IDX enrollment, a “fraud alert” will be placed on the individual’s credit file to notify potential credit grantors of the need to verify identification before extending credit in the person’s name.

Commonwealth University, through IDX, has established a hotline for impacted individuals at 1-833-903-3648 Monday through Friday from 9 a.m. to 9 p.m. Eastern Time. This hotline can also provide additional resources to contact regarding further protection of personal information. There is also a dedicated website, https://app.idx.us/account-creation/protect, where victims can access information such as frequent questions and answers.

Affected individuals should be aware of potential scam emails related to the data breach. These scams, designed to capture personal information (known as "phishing") appear as if they are from Commonwealth University.

• DO NOT click on any links in email.
• DO NOT reply to the email or reach out to the senders in any way.
• DO NOT enter any information into websites linked to the email.
• DO NOT open any attachments that arrive with email.

Commonwealth University is not calling individuals about the breach. All impacted individuals will receive a physical notice in the mail from IDX advising them of the protections being offered to them as well as any next steps.

Anyone who believes they might be a victim of a scam or identity theft crime related to this incident should file with the Internet Crime Complaint Center (IC3) at www.IC3.gov. Individuals are encouraged to save all original documentation, emails, faxes, and logs from communications in the event they are contacted by law enforcement.