The University is responding to a criminal cyberintrusion through which hackers apparently originating in China gained access to servers at UConn’s School of Engineering. UConn has implemented a combination of measures intended to further protect the University from cyberattack, and to assist individuals and research partners whose data may have been exposed.
UConn IT security professionals, working with outside specialists, have no direct evidence that any data was removed from the School of Engineering’s servers. However the University is proceeding from an abundance of caution by notifying roughly 200 research sponsors in government and private industry, as well as working to determine how many individuals need to be notified about a potential compromise of personal information.
“UConn places the highest priority on maintaining the security and integrity of its information technology systems,” said Michael Mundrane, Vice Provost and Chief Information Officer at UConn. “That’s why, in addition to assisting individuals and research partners in responding to this incident, we’re taking steps to further secure our systems.”
The security breach was first detected by IT staffers at the School of Engineering on March 9, 2015, when they found malicious software, or “malware,” on a number of servers that are part of the school’s technical infrastructure.
The School of Engineering immediately notified faculty, staff, students, visitors, and emeriti – as well as roughly 1,800 users of the Lync instant communication tool used across the University at the time – that their log-in credentials had potentially been compromised, and recommended that those individuals change their passwords.
The University’s Information Security Office, in collaboration with School of Engineering staff and Dell SecureWorks, worked to identify the extent of the breach, secure the affected systems, and prepare a comprehensive review and response.
As a result of that process, this week the University began notifying research partners in government and private industry about the breach. Although the University has no evidence that any data was taken from the servers, or “exfiltrated,” the notifications are part of an appropriate, prudent response.
As part of the ongoing process of analyzing the extent of the attack, the University believes that personally identifiable information of consumers may have also been compromised. Those individuals whose sensitive information (such as Social Security numbers or credit card information) is determined to have potentially been compromised will be notified and provided with the option to enroll in identity protection services.
“The unfortunate reality is that these types of attacks are becoming more and more common,” Mundrane said, “which requires us to be even more vigilant in protecting our University community.”
SOURCE: University of Connecticut
Related: From their FAQ on Incident:
What did the investigation reveal?
Based on analysis done both internally by the University and by Dell SecureWorks, it was determined that the first penetration of a server on the School of Engineering network occurred on Sept. 24, 2013, with further penetration of the system occurring after that date. Although the University has no direct evidence that any data was exfiltrated, it is proceeding as if that were the case by notifying individuals with personal information that could have been compromised, as well as research partners outside the University.