NDUS reveals server breach, personal information for former students and staff potentially accessed in February
A North Dakota University System server containing the personal information of more than 290,000 former students and faculty was hacked in early February, system officials said Wednesday.
Interim Chancellor Larry Skogen said law enforcement has been contacted, and it is still unclear whether any personal information was stolen by the hacker, who is thought to have operated from outside the United States.
“We are doing everything possible to make sure this doesn’t happen again,” Skogen said.
Even though the breach happened almost a month ago, Deputy Chief Information Officer Darin King said the timing of the announcement is reasonable considering the amount of technical investigation that had to be done before they had any information to give out.
The breach was noticed Feb. 7 when it was realized the server was being used to launch attacks against other computers and send phishing emails. The server was immediately locked down and an internal investigation was begun to find out what exactly had happened.
King said all they have been able to surmise is that the server was used to relay traffic online by someone offshore who gained unauthorized access to an account.
“It’s for people to hide their tracks when they’re trying to do something,” he said.
NDUS then contacted local law enforcement to begin an investigation.
Skogen said “it may be weeks” before the continued forensic evidence provides any more answers.
The server itself is run by NDUS’s IT support arm, Core Technology Services, and is located in Grand Forks. It contained the names and social security numbers of 290,000 former students including information for about 1,300 applicants for the fall 2014 term and 780 faculty and staff. No credit card or bank information was included, nor was personal information of the parents of students.
While a breach of this kind has never happened to the university system before, Skogen said the university system must remain “ever vigilant” in protecting its information.
“What we’re trying to do here is be as proactive as possible,” Skogen said.
King and Skogen wouldn’t say whether any other agencies besides local law enforcement had been contacted, though a NDUS press release stated the server information has been “sent to a national forensic organization” and the investigation is ongoing. There are no leads as to who is behind the breach.
NDUS is currently working on notifying those with potentially compromised information and will offer identity protection services to them, though the actual method and process of notifying the thousands of people is still unclear.
A call center is also in the process of being set up to answer questions from those who think they might have been affected.
Skogen said it is unclear how much this will cost the university system or when the call center will be open.
For now, a website has been set up at ndus.edu/data to provide the public with information pertaining to the breach. It will be updated as more information becomes available.
Email from Skogen to NDUS employees and students
A message from NDUS SYSTEM OFFICE
Dear students, faculty and staff,
Today the North Dakota University System will release the following information regarding suspicious activity that was detected and shut down on one of the NDUS servers that was used to store information from all North Dakota colleges and universities. Unfortunately, the server contained personal information for current and former students, as well as some faculty and staff members. There is no evidence that the intruder accessed any of your information, but we can’t rule out the possibility.
It is very unfortunate that this happened. NDUS is taking steps to communicate with all those who could potentially be impacted, and we’ve created a special website with detailed information about the incident. We’re also making arrangements for identity protection services for those who want it, and will soon have available a hotline staffed with personnel who can answer your questions.
Multiple steps are being taken to increase security and ensure that this doesn’t happen again. Thank you for your patience as NDUS works through this unfortunate incident. We certainly understand any frustration you are experiencing, and regret any inconvenience this has caused.
Larry C. Skogen
Interim Chancellor, North Dakota University System