DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA: Security Incident Involving James Madison University Network

Posted on December 20, 2014 by Dissent

December 18, 2014

James Madison University is committed to protecting the confidentiality and security of the information entrusted to us.  This notice contains important information regarding a recent security incident involving JMU’s network.

Since October, JMU Information Technology, along with law enforcement and outside security consultants, has been investigating an incident of unauthorized access to JMU technology resources.  During this time, IT, with guidance from security consultants, took significant steps to further identify and contain this unauthorized activity and prevent greater risk to the university community.  Affected servers associated with the UREC, Parking, Orientation OneBook and CFI Workshop Registration systems were rebuilt as well.  This work culminated in the December 17 network and data center maintenance you experienced.  Simultaneously included were initial measures to further strengthen our network security and more proactively defend against the constant and increasingly sophisticated threats JMU and other universities across the nation face.

To complete the immediate work and help further assure adequate protection going forward, we need the help of our entire JMU user community.  All faculty, staff, students and affiliates must change their e-ID passwords as follows:

From off-campus connections, go directly to MyMadison (mymadison.jmu.edu) to complete the password change.

From on-campus wired connections, logon to your desktop/laptop using your current e-ID password and go immediately to MyMadison to complete the password change process.  (Avoid multiple desktop logins without completing the password change as this may generate lockout conditions).

In either case, after completing your password change, please be patient and allow time for this change to propagate to other systems before trying the new password elsewhere.

For password-related problems or other recovery assistance, contact the HelpDesk at 540-568-3555 or [email protected].

Regrettably, on December 11, the investigation showed evidence that an electronic file containing information including name, address, SSN, date of birth, phone number, health insurance subscriber identification number and other information for approximately 2,800 current and former employees was accessed during the incident.  These individuals will be mailed a letter with additional information and instructions in the upcoming week.  The notification will provide further details and describe how these individuals can take advantage of the complimentary one-year Experian® ProtectMyID® identity theft protection service JMU will offer.  At this time we have no evidence that this information has been used in any way.  However, JMU has established a dedicated call center for individuals with questions related to the notification at 877-841-8158 beginning at 10 a.m. today, Thursday, December 18 and from 9 a.m. to 9 p.m. Monday through Friday thereafter. 

Erin Flynn provides media coverage on The Breeze.

Category: Education SectorHack

Post navigation

← Sony Hackers Snooped for Months, Then Planted 10-Minute Time Bomb
Incident Summary #4: Service provider inadvertently discloses email addresses of nearly 300 customers in mass email →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.