Core Technology Services, the information technology arm of the North Dakota University System, discovered that there had been unauthorized access to an NDUS employee’s email account. Evidence indicates that the account credentials were stolen through a successful “phishing” campaign. It is possible the attacker was not aware personal information was in various emails in the account, but to be safe, the NDUS has notified all those who may have been affected.
“Information security is very important to us, and NDUS has consistently worked to minimize these types of interferences,” said NDUS Chancellor Mark Hagerott, who led the NDUS staff in a security measures protocol meeting immediately following the discovered access to the account. “It is a sobering reality that education is often targeted by criminal elements in today’s global assaults on IT systems.”
No credit card or bank account information was contained in the email account. The suspicious activity was discovered on July 12, and a forensic analysis was conducted to properly understand the scope of the incident. Law enforcement has been contacted, and the account was properly secured. The account contained personal information, such as names and Social Security numbers of about 9,400 individuals. “It is important that all faculty, staff and students from the 11 campuses within the university system – especially new, incoming freshmen – are reminded never to put personally identifiable information, such as social security information, in emails,” Hagerott emphasized.
In response to incidents like this one and to help prevent them in the future, NDUS is continually modifying its systems and practices to enhance the security of sensitive information. One such effort, which is currently underway, is to enable multifactor authentication on the NDUS email system.
“There is no indication that any of the personal information was accessed,” said Darin King, vice chancellor of information technology/chief information officer. “Nevertheless, we are making every effort to inform people of the situation and are taking every possible precaution to safeguard our systems.”
NDUS is providing free identity theft protection services to those individuals who want to take steps to guard against identity theft or fraud as a precautionary measure. A letter has been sent to the affected individuals, which provides additional information on identity protection and the services being offered.