Core Technology Services, the information technology arm of the North Dakota University System, has discovered and shut down suspicious access to one of the university system's servers, according to a press release issued by the university system.
According to the NDUS, an entity operating outside the United States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails. Personal information, such as names and Social Security numbers, was housed on that server. The NDUS reports that there is no evidence that the intruder accessed any of the personal information but precautionary masures are being taken.
Records of more than 290,000 current and former students and about 780 faculty and staff resided on the server. No credit card or bank account information was contained in the records. The suspicious activity was discovered on Feb. 7, and the server was immediately locked down. A thorough internal investigation and forensic analysis was conducted to understand the cause and scope of the incident. Law enforcement has been contacted, and the server information was also sent to a national forensic organization to confirm the internal analysis, according to the report. The NDUS removed all access to the affected server and revalidated each individual user, initiated more stringent intrusion detection measures, and developed a taskforce to address how to access data securely, according to the press release.
"Information security is of the utmost importance to us, and it is very unfortunate this has happened" said NDUS Interim Chancellor Larry C. Skogen in the press release. "We are working diligently to help make sure this doesn't happen again. It's disturbing that higher education is often targeted by criminal elements in today's global assaults on IT systems."
"There is no indication that any of the personal information was actually accessed," said Lisa Feldner, vice chancellor for information technology and institutional research. "Nevertheless, we are making every effort to inform people of the situation and are taking every possible precaution to safeguard our systems."
NDUS has established a web page that provides more details about the incident. It will be updated on a regular basis as new information becomes available. In addition, NDUS is making arrangements to provide identity protection services for one year for all those who wish to use it. A call center will be established soon to assist those who have additional questions. More information about these services will be posted on the website as soon as it is available.