U of Nebraska Breach Affects 650,000Database Containing Personal Info Accessed
The University of Nebraska has reported a breach involving unauthorized access to a database containing information on more than 650,000 students and others.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The breach was discovered May 23 by a university staff member, according to a security incident page describing the incident. "This was a sophisticated and skilled attack on our system that was discovered and shut down within hours of its discovery," the announcement explains.
So far, there's no evidence that any information was downloaded from the database, says Joshua Mauk, the university's chief security officer.
Information in the database included records for students, parents, employees, alumni and applicants of the university's four campuses.
Melissa Lee, communications manager for the university, confirms that 654,000 records were stored in the database, known as the Nebraska Student Information System. The system stored personal information, including Social Security numbers, addresses, course grades and other details for students, alumni and applicants. Other information that may have been exposed includes certain personal and financial information for parents of students who applied for financial aid, as well as university employees.
Information stored in the database goes as far back as 1985, the university says.
According to Lee, 21,000 individuals had bank account information associated with the database, which includes bank account information or financial aid information for students. However, no credit card numbers were stored in the system, she says.
"The university is advising individuals with bank accounts associated with the NeSIS to monitor their accounts closely in the coming weeks and to report any suspicious activity to their financial institutions," the security incident page notes.
The announcement about the breach does not mention whether the university will provide free credit monitoring services to victims.
The school has reached out to individuals who had bank account information stored on the database, "but we may communicate with additional people based on the findings of our investigation," according to the announcement.
Law enforcement officials are conducting an investigation, and the university has hired a firm specializing in data breaches and forensic analysis to assist in its own investigation. "This will help the university identify limitations in the system and put new safeguards in place for the future," the announcement states.
The university is advising those who may have been affected to view the Federal Trade Commission's identity theft website and report any suspicious activity immediately to the university and to any financial institution involved.
Officials at the university have not yet established a call center. "We will create a toll-free service center if necessary," the security incident page explains. Individuals can submit questions to the school's website.