UConn discovers cyber attack dating back to 2013

By Erin Ayers on August 5, 2015

The University of Connecticut announced an investigation of a cyber intrusion into its servers “apparently originating” from China. The announcement came in a statement with a lengthy explanation of the steps the university has taken to determine the extent of the hack, which may date back to September 2013.

UConn’s School of Engineering servers showed signs of unauthorized access. University officials said the unauthorized access had been addressed and that there is “no direct evidence” that any data had been stolen from the system. UConn added that additional measures had been implemented to protect its servers from future attacks, as well as to help individuals and researchers whose data may have been accessed.

“The University is proceeding from an abundance of caution by notifying roughly 200 research sponsors in government and private industry, as well as working to determine how many individuals need to be notified about a potential compromise of personal information,” said Michael Mundrane, vice provost and chief information officer at UConn. “UConn places the highest priority on maintaining the security and integrity of its information technology systems. That’s why, in addition to assisting individuals and research partners in responding to this incident, we’re taking steps to further secure our systems.”

The School of Engineering notified staff, students, visitors and the 1,800 people who were using the school’s Lync instant messaging application at the time that their university log-in credentials could have been exposed. The school recommended that all users change their passwords and noted that anyone whose sensitive information, such as Social Security numbers, may have been exposed would be offered identity theft monitoring services.

“The unfortunate reality is that these types of attacks are becoming more and more common,” Mundrane said, “which requires us to be even more vigilant in protecting our University community.”

The engineering school’s IT department discovered malware on servers related to the school’s technical infrastructure in March 2015, according to officials. Outside firm Dell SecureWorks was brought in to determine the extent of the event, and it was further discovered that unauthorized access began on Sept. 24, 2013.

“Given the increasingly sophisticated threats against large organizations around the world, UConn has launched a comprehensive review of all related IT security practices and procedures. This review is part of a wider effort to protect University employees and sensitive data from attack,” noted officials.

UConn joins Rutgers and Penn State as targets of cyber attacks within the last year. Experts observe that colleges and universities present a difficult environment to guard against cyber intrusions.

erin.ayers@zywave.com

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass.