DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA: Security Incident Involving James Madison University Network

Posted on December 20, 2014 by Dissent

December 18, 2014

James Madison University is committed to protecting the confidentiality and security of the information entrusted to us.  This notice contains important information regarding a recent security incident involving JMU’s network.

Since October, JMU Information Technology, along with law enforcement and outside security consultants, has been investigating an incident of unauthorized access to JMU technology resources.  During this time, IT, with guidance from security consultants, took significant steps to further identify and contain this unauthorized activity and prevent greater risk to the university community.  Affected servers associated with the UREC, Parking, Orientation OneBook and CFI Workshop Registration systems were rebuilt as well.  This work culminated in the December 17 network and data center maintenance you experienced.  Simultaneously included were initial measures to further strengthen our network security and more proactively defend against the constant and increasingly sophisticated threats JMU and other universities across the nation face.

To complete the immediate work and help further assure adequate protection going forward, we need the help of our entire JMU user community.  All faculty, staff, students and affiliates must change their e-ID passwords as follows:

From off-campus connections, go directly to MyMadison (mymadison.jmu.edu) to complete the password change.

From on-campus wired connections, logon to your desktop/laptop using your current e-ID password and go immediately to MyMadison to complete the password change process.  (Avoid multiple desktop logins without completing the password change as this may generate lockout conditions).

In either case, after completing your password change, please be patient and allow time for this change to propagate to other systems before trying the new password elsewhere.

For password-related problems or other recovery assistance, contact the HelpDesk at 540-568-3555 or [email protected].

Regrettably, on December 11, the investigation showed evidence that an electronic file containing information including name, address, SSN, date of birth, phone number, health insurance subscriber identification number and other information for approximately 2,800 current and former employees was accessed during the incident.  These individuals will be mailed a letter with additional information and instructions in the upcoming week.  The notification will provide further details and describe how these individuals can take advantage of the complimentary one-year Experian® ProtectMyID® identity theft protection service JMU will offer.  At this time we have no evidence that this information has been used in any way.  However, JMU has established a dedicated call center for individuals with questions related to the notification at 877-841-8158 beginning at 10 a.m. today, Thursday, December 18 and from 9 a.m. to 9 p.m. Monday through Friday thereafter. 

Erin Flynn provides media coverage on The Breeze.

Category: Education SectorHack

Post navigation

← Sony Hackers Snooped for Months, Then Planted 10-Minute Time Bomb
Incident Summary #4: Service provider inadvertently discloses email addresses of nearly 300 customers in mass email →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.