DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

North Dakota University System server breach; data access not evident but possible (updated)

Posted on March 5, 2014 by Dissent

Update of March 27: North Dakota University System official: hackers did not gain access to files with personal information.

Original story:

North Dakota University System issued the following statement today:

Core Technology Services, the information technology arm of the North Dakota University System, has discovered and shut down suspicious access to one of the university system’s servers. An entity operating outside the United States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails.

Unfortunately, personal information, such as names and Social Security numbers, was housed on that server. There is no evidence that the intruder accessed any of the personal information. As a precautionary measure, steps are being taken to inform all who could potentially be impacted by the suspicious activity.

“Information security is of the utmost importance to us, and it is very unfortunate this has happened” said NDUS Interim Chancellor Larry C. Skogen. “We are working diligently to help make sure this doesn’t happen again. It’s disturbing that higher education is often targeted by criminal elements in today’s global assaults on IT systems.”

Records of more than 290,000 current and former students and about 780 faculty and staff resided on the server. No credit card or bank account information was contained in the records. The suspicious activity was discovered on Feb. 7, and the server was immediately locked down. A thorough internal investigation and forensic analysis was conducted to understand the cause and scope of the incident. Law enforcement has been contacted, and the server information was also sent to a national forensic organization to confirm the internal analysis.

“There is no indication that any of the personal information was actually accessed,” said Lisa Feldner, vice chancellor for information technology and institutional research. “Nevertheless, we are making every effort to inform people of the situation and are taking every possible precaution to safeguard our systems.”

In response to incidents like this one and to help prevent them in the future, NDUS is continually modifying its systems and practices to enhance the security of sensitive information. To support this effort, NDUS removed all access to the affected server and revalidated each individual user, initiated more stringent intrusion detection measures, and developed a taskforce to address how we access data even more securely.

NDUS has established a web page that provides more details about the incident. It will be updated on a regular basis as new information becomes available. In addition, NDUS is making arrangements to provide identity protection services for one year for all those who wish to use it. A call center will be established soon to assist those who have additional questions. More information about these services will be posted on the website as soon as it is available.

“We completely understand that this incident could be distressing,” said Skogen. “We certainly hope that no one experiences any negative impact from this intruder’s actions, but we are providing resources for those who would like them, and we will keep people apprised of any new developments.”

You can read the FAQ on the breach here and listen to a conference call they held about the breach.

Category: Education SectorHack

Post navigation

← NZ passport email gaffe latest in series of privacy slips
How the feds brought down a notorious Russian hacker →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.