The University of Hawaiʻi is reminding individuals who may have been impacted by the UH Cancer Center cybersecurity incident announced February 27 that deadlines are approaching to enroll in 12 months of free credit monitoring and $1 million in identity theft insurance. After these deadlines, enrollment codes will no longer work.
Deadlines
- May 31, 2026: Enrollment deadline for individuals who received Multiethnic Cohort (MEC) study notification letter codes
- June 20, 2026: Enrollment deadline for individuals who received email-based Experian enrollment codes
- May 31, 2026: Closure of the call center to assist all potentially affected individuals
Kroll Call Center: (844) 443-0842
Hours: Monday to Friday, 3:30 a.m. to 4 p.m. Hawaiʻi Standard Time
Cybersecurity incident
The cybersecurity incident involved historical driver’s license and voter registration records (including social security numbers) used decades ago to recruit participants for epidemiological research studies. No information held by the UH Cancer Center’s clinical trials operations, patient care or other divisions of the center was impacted.
Potentially impacted individuals
The personal information affected by the incident was located in a subset of research files stored on certain servers that support the UH Cancer Center’s epidemiology research operations, including:
- Two files containing names and date-of-births in combination with SSNs: the first, containing Driver’s License (DL) numbers, was collected in the year 2000 from the State Department of Transportation; the second, containing voter registration information, was collected in the year 1998 from the City & County of Honolulu. At that time, DL numbers in Hawaiʻi were typically based on SSNs, and City and County of Honolulu voter registration information also often contained SSNs.
- Files for study participants in the long-running Multiethnic Cohort (MEC) Study (recruitment for participants in Hawaiʻi and Los Angeles, California from 1993 to 1996) and three other epidemiological studies of diet and cancer focusing on colorectal adenomas (recruitment for participants 1995–2007) and colon cancer (recruitment for participants 1994–2005), which also had SSNs and/or DL numbers in combination with names and date-of-births. They may also have contained questionnaires and other study information on participant health, as well as information pulled from national and state public health registries.
- Two files that contain SSNs in combination with names collected from national and state public health registries as part of epidemiology research and study recruitment efforts. One file was closed to new names in 1999, and the other in the mid-2000s. The impacted files may also have contained research registry information about individuals’ health.
Letters were only mailed to MEC study participants. Other potentially affected individuals were sent email notices where valid email addresses were available. For the remaining individuals, notification was made through notices sent to major statewide media on February 27, 2026, and on the UH Cancer Center website.
If you believe you may have been impacted and did not receive an email or a letter, please call the Kroll Call Center: (844) 443-0842, Monday to Friday, 3:30 a.m. to 4 p.m. Hawaiʻi Standard Time.
Individuals should also check the Spam folders in all of their email accounts. Notification emails were sent from notice@krollnotifications.com with the subject line “NOTICE OF DATA INCIDENT.” Official notification emails were sent between March 16, 2026 and March 20, 2026. Emails received outside of this date range should be considered phishing emails.
Individuals may also visit the UH Cancer Center Cyberattack Information and Resource Website to access support services and additional information.
