University at Buffalo leaders, along with their security team, are investigating a data breach of external third-party accounts. 

They say it’s affected more than 25-hundred accounts campus wide. About 18-hundred of those are student accounts. 

Officials say those whose logins were stolen may have visited a website not associated with the university.

Here is the statement from University at Buffalo Associate Vice President for Media Relations John Della Contrada: 

The university’s chief information security officer is investigating and responding to a breach of external third-party accounts that appears to have compromised the login information for a large number of UB students, faculty, staff and alumni.

Our initial investigation indicates that the affected individuals’ login information was stolen when they visited a non-UB website and entered their university log-in information.  As soon as the issue was discovered, the university took immediate steps to address the problem, secure data and mitigate the risks. Information security is a daily priority at the university and we take protection of personal information very seriously. 

We are notifying all affected people to instruct them to change their user name and password. At this point, we do not have evidence that individuals’ financial, academic or private information was viewed or stolen; however we are contacting impacted individuals to make them aware of this issue and to inform them how to take precautions to protect themselves against possible misuse of their information.

This incident provides an opportunity to remind members of the university community that they should protect and secure their information every day and should not using the same UB username and password for external services or websites.

Affected accounts:

28 faculty and staff accounts

862 alumni accounts

1,800 student accounts

We will update you with more information on air and online when it becomes available.