NDUS reports suspicious server activity, data access not evident but possible
Posted on 3/5/2014
For More Information Contact: Linda Donlin, Director of Communications and Media Relations North Dakota University System Phone: 701.328.2962 E-mail: firstname.lastname@example.org
Core Technology Services, the information technology arm of the North Dakota University System, has discovered and shut down suspicious access to one of the university system's servers. An entity operating outside the United States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails. Unfortunately, personal information, such as names and Social Security numbers, was housed on that server. There is no evidence that the intruder accessed any of the personal information. As a precautionary measure, steps are being taken to inform all who could potentially be impacted by the suspicious activity.
"Information security is of the utmost importance to us, and it is very unfortunate this has happened" said NDUS Interim Chancellor Larry C. Skogen. "We are working diligently to help make sure this doesn't happen again. It's disturbing that higher education is often targeted by criminal elements in today's global assaults on IT systems."
Records of more than 290,000 current and former students and about 780 faculty and staff resided on the server. No credit card or bank account information was contained in the records. The suspicious activity was discovered on Feb. 7, and the server was immediately locked down. A thorough internal investigation and forensic analysis was conducted to understand the cause and scope of the incident. Law enforcement has been contacted, and the server information was also sent to a national forensic organization to confirm the internal analysis.
"There is no indication that any of the personal information was actually accessed," said Lisa Feldner, vice chancellor for information technology and institutional research. "Nevertheless, we are making every effort to inform people of the situation and are taking every possible precaution to safeguard our systems."
In response to incidents like this one and to help prevent them in the future, NDUS is continually modifying its systems and practices to enhance the security of sensitive information. To support this effort, NDUS removed all access to the affected server and revalidated each individual user, initiated more stringent intrusion detection measures, and developed a taskforce to address how we access data securely.
NDUS has established a web page that provides more details about the incident. It will be updated on a regular basis as new information becomes available. In addition, NDUS is making arrangements to provide identity protection services for one year for all those who wish to use it. A call center will be established soon to assist those who have additional questions. More information about these services will be posted on the website as soon as it is available.
"We completely understand that this incident could be distressing," said Skogen. "We certainly hope that no one experiences any negative impact from this intruder's actions, but we are providing resources for those who would like them, and we will keep people apprised of any new developments."