Sections

Weather Forecast

Close

North Dakota University System reports unauthorized account access

BISMARCK—The North Dakota University System has reported there was unauthorized access to an employee's email account in July, an account which contained thousands of individual's personal information.

Core Technology Services, the information technology arm of the NDUS, discovered in July that there had been unauthorized access to an NDUS employee's email account.

Evidence indicates that the account credentials were stolen through a successful "phishing" campaign, the system office said Friday.

No credit card or bank account information was contained in the email account, NDUS said. The suspicious activity was discovered July 12, and a forensic analysis was conducted to properly understand the scope of the incident.

"It is possible the attacker was not aware personal information was in various emails in the account, but to be safe, the NDUS has notified all those who may have been affected," a NDUS release said Friday.

The account contained personal information, such as names and Social Security numbers of about 9,400 individuals, according to the system office. Law enforcement has been contacted, and the account was properly secured.

"Information security is very important to us, and NDUS has consistently worked to minimize these types of interferences," NDUS Chancellor Mark Hagerott said in a statement. "It is a sobering reality that education is often targeted by criminal elements in today's global assaults on IT systems."

In response to incidents like this one and to help prevent them in the future, NDUS says it is continually modifying its systems and practices to enhance the security of sensitive information. One such effort, currently underway, is to enable multi-factor authentication on the NDUS email system.

"There is no indication that any of the personal information was accessed," said Darin King, vice chancellor of information technology/chief information officer. "Nevertheless, we are making every effort to inform people of the situation and are taking every possible precaution to safeguard our systems."

Hagerott led the NDUS staff in a security measures protocol meeting immediately following the incident.

"It is important that all faculty, staff and students from the 11 campuses within the university system — especially new, incoming freshman — are reminded never to put personal identifiable information, such as social security information, in emails," Hagerott emphasized.

NDUS is providing free identity theft protection services to those individuals who want to take steps to guard against identity theft or fraud as a precautionary measure. A letter has also been sent to the affected individuals, which provides additional information on identity protection and the services being offered, NDUS said.

Sydney Mook

Sydney Mook has been covering higher education at the Grand Forks Herald since May 2018. She previously served as the multimedia editor and cops, courts and health reporter at the Dickinson Press from January 2016 to May 2018.  She graduated from the University of South Dakota with a bachelor's degree in journalism and political science in three and half years in December 2015. While at the USD, she worked for the campus newspaper, The Volante, as well as the television news show, Coyote News. She also interned at South Dakota Public Broadcasting and spent the summer before her senior year interning in Fort Knox for the ROTC Cadet Summer Training program. In her spare time, Sydney enjoys cheering on the New York Yankees and the Kentucky Wildcats, as well as playing golf. If you've got an idea for a video be sure to give her a call!

(701) 780-1134
Advertisement