ND University System reports 'suspicious activity' on server that stores personal info
BISMARCK — A North Dakota University System server containing the personal information of more than 290,000 former students and faculty was hacked in early February, system officials said Wednesday.
Interim Chancellor Larry Skogen said law enforcement has been contacted, and it is still unclear whether any personal information was stolen by the hacker, who is thought to have operated from outside the United States.
The server itself is run by the University System’s information technology support arm, Core Technology Services, and is located in Grand Forks. It contained the names and Social Security numbers of 290,000 former students, including information for about 1,300 applicants for the fall 2014 term and 780 faculty and staff. No credit card or bank information was included, nor was personal information of the parents of students.
The University System is working on notifying those with potentially compromised information and will offer identity protection services to them, though the actual method and process of notifying the thousands of people is still unclear.
A call center is also in the process of being set up to answer questions from those who think they might have been affected.
For now, a website has been set up at ndus.edu/data to provide information about the breach.
The breach was noticed Feb. 7, when it was realized the server was being used to launch attacks against other computers and send phishing emails. The server was locked down and an internal investigation was begun to find out what exactly had happened.
King said all they have been able to surmise is that the server was used to relay traffic online by someone offshore who gained unauthorized access to an account.
“It’s for people to hide their tracks when they’re trying to do something,” he said.
The University System then contacted law enforcement.
Deputy Chief Information Officer Darin King said a technical investigation had to be done before information about the attack was made public.
A press release stated the server information has been “sent to a national forensic organization” and the investigation is ongoing. There are no leads as to who is behind the breach.
Skogen said “it may be weeks” before the forensic evidence yields more answers.
While a breach of this kind has never happened to the University System before, Skogen said it must remain “ever vigilant” in protecting its information.
“We are doing everything possible to make sure this doesn’t happen again,” Skogen said.
Skogen said it is unclear how much this will ending up costing the University System.