The North Dakota University System (NDUS) recently began notifying more than 290,000 current and former students and approximately 780 faculty and staff members that their personal information, including their names and Social Security numbers, may have been exposed when a university server was breached (h/t SC Magazine).
According to NDUS, a hacker operating outside the U.S. used the server as a launching pad to attack other computers starting in October 2013 -- while there's no indication that the hacker also accessed the personal information stored on the server, NDUS is notifying all those potentially affected.
"Our investigation, as well as the investigation of an external forensics organization, revealed that even though an unauthorized person(s) did gain access to the server, there was no evidence that any sensitive information was accessed or transferred from the server," NDUS stated in a FAQ. "Based on the forensic investigation, it is likely the intruder's intent was only to use the server's processing power to launch attacks on other computers and systems."
The breach was discovered on February 7, 2014, and the server was locked down. All those affected are being offered one year of free identity protection services from AllClear ID.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Students, faculty and staff with questions are advised to contact (855) 711-5990.
"Information security is of the utmost importance to us, and it is very unfortunate this has happened," NDUS interim chancellor Larry C. Skogen said in a statement. "We are working diligently to help make sure this doesn't happen again. It's disturbing that higher education is often targeted by criminal elements in today's global assaults on IT systems."