NDUS warned about IT security in 2011: Uncertain whether flaws linked to recent system hack
More than two years before the recent North Dakota University System server breach, in which the personal information of more than 290,000 students, faculty and employees was potentially accessed, an audit showed there were several areas of high risk.
One of them was IT security.
University System spokeswoman Linda Donlin said in an email she “couldn’t speculate” on whether the hack had anything to do with holes in the system from 2011, as the investigation is ongoing.
The audit, performed by the firm LarsonAllen, cited “shadow systems” that were able to be used by outside parties, as well as employees with “additional access than what is needed based on job responsibility.”
At the time, the University System proposed reviewing employee roles to perhaps change their level of access and developing a “recommendation to help establish procedures for identifying, cataloging and coping with data collections and systems,” such as shadow systems.
In other words, they were going to work on it.
Donlin said in the email that since then, the University System has implemented programs to eliminate some shadow systems, reviewed and restricted some user access to certain sensitive information and provided threat detection services to University System Internet links at state agencies, political subdivisions and K-12 schools.
“Security of our system and protection of our data is of the utmost importance to us,” Donlin said. “It is something we must be ever-vigilant about as criminals like this are always looking for ways to commit their crimes.”
The University System said the recent server hack, which went on for four months before being noticed Feb. 7, was used as a launch pad to access other servers, and that it has no evidence any personal information was used or stolen.
The University System is offering free identity protection services through AllClear ID for the next year and has opened a call center to answer any questions about the incident. The call center can be reached at 855-711-5990 from 8 a.m. to 8 p.m. Monday through Saturday.