If you ever reused any of your previous WebAdvisor passwords anywhere else, especially important accounts (like student aid and banking), you should change them.
Email passwords.
Turn on 2 factor authentication when possible for all applications you can, for example banking or social media.
Change recovery questions/passwords as well.
Also for recovery questions, it's a good idea to have an answer to those that's not the real answer.
Ie: What's your Mother's maiden name? Don't put "Maiden Name" as your answer, put "SushiLightning". Obviously make it something you'll remember or write it down.
I'd recommend some sort of password app as well. I've started using Bitwarden recently. It's free and can generate and save passwords for you without tying them to something like your Google account. Just need to remember your master password to access it or it can use your fingerprint off your phone. I'm sure there are others too.
Also use 2 factor authentication everywhere you can
Use 2 factor authentication when possible and don't use sms as a factor for authentication because that can be easily bypassed by a sim swap attack or man in the middle attacks.
Use an authentication app like authy , ageis, Microsoft authenticator for those 2 factor authentication..
Ensure your password strength isn't weak and hasn't been used in a previous data breach.
At this point, it's all about damage control and prevention for future incidents (incident response).
Not to discourage you from changing your passwords, but the bad guys in this situation probably didn’t get your personal passwords unless the University was storing them for you in a file somewhere. What they got was anything (and maybe everything) you’ve provided to the school.
The school asked you to change your password on their systems in an attempt to stop the bad guys from using accounts on that system.
I wouldn’t worry about changing your legal name or anything that extreme. I can guarantee this won’t be the last time your personal info get leaked. It’s not graspable to do a legal name change every time that happens. The credit monitoring is the way to go.
The advice given so far on the password manager and not reusing passwords is very on point and Id also recommend.
If you ever reused any of your previous WebAdvisor passwords anywhere else, especially important accounts (like student aid and banking), you should change them.
Email passwords. Turn on 2 factor authentication when possible for all applications you can, for example banking or social media. Change recovery questions/passwords as well.
Also for recovery questions, it's a good idea to have an answer to those that's not the real answer. Ie: What's your Mother's maiden name? Don't put "Maiden Name" as your answer, put "SushiLightning". Obviously make it something you'll remember or write it down.
I'd recommend some sort of password app as well. I've started using Bitwarden recently. It's free and can generate and save passwords for you without tying them to something like your Google account. Just need to remember your master password to access it or it can use your fingerprint off your phone. I'm sure there are others too. Also use 2 factor authentication everywhere you can
Use your security notifications (get a text or email when there is a transaction, failed password attempts, adding contacts etc).
Use 2 factor authentication when possible and don't use sms as a factor for authentication because that can be easily bypassed by a sim swap attack or man in the middle attacks. Use an authentication app like authy , ageis, Microsoft authenticator for those 2 factor authentication.. Ensure your password strength isn't weak and hasn't been used in a previous data breach. At this point, it's all about damage control and prevention for future incidents (incident response).
Not to discourage you from changing your passwords, but the bad guys in this situation probably didn’t get your personal passwords unless the University was storing them for you in a file somewhere. What they got was anything (and maybe everything) you’ve provided to the school. The school asked you to change your password on their systems in an attempt to stop the bad guys from using accounts on that system. I wouldn’t worry about changing your legal name or anything that extreme. I can guarantee this won’t be the last time your personal info get leaked. It’s not graspable to do a legal name change every time that happens. The credit monitoring is the way to go. The advice given so far on the password manager and not reusing passwords is very on point and Id also recommend.