The University of Nebraska is investigating a breach of their student information database discovered late Wednesday night last week. The security intrusion affected the Nebraska Student Information System, the University said in a statement late last week, it was caught by an IT administrator at the facility and the attempt was quashed by immediate and appropriate action.

The statement by the University quotes Joshua Mauk, NU information security officer, who makes it clear that there’s no evidence that the database was accessed or downloaded; but just to stay on the safe side, they want all students to know that their information may have been exposed.

The NeSIS database includes Social Security numbers, addresses, grades, transcripts, housing and financial aid information for current and former NU students as well as student applicants who may or may not have attended NU. The database includes information for alumni as far back as spring 1985.

According to Mauk, the university is working with local and federal law enforcement to determine the extent of the breach and to what degree, if any, individuals’ personal information may have been compromised. Police are currently pursuing leads in the case, but no further information is available. NU also has hired a leading firm specializing in data breaches to assist in a forensics investigation.

“The University of Nebraska takes the protection of student and alumni information very seriously. Right now we’re focused on determining the exact nature of the breach and communicating with those who may have been affected,” Mauk said in a statement. “We are working with law enforcement and forensics experts to thoroughly reconstruct this incident so that we can identify limitations in our system and put new safeguards in place for the future.”

He added, “We deeply regret any concern or inconvenience this incident may cause our students or alumni.”

A recent news item posted by KETV says that the University is moving forward with a very extensive investigation of the breach alongside local law enforcement. According to officials 20 to 30 people have been investigating the breach 24 hours a day since it took place last week. They added that many of them have come in from their holidays and are even assisting remotely.

The University believes with this number of investigators on the case, “it could be determined as early as Tuesday who is responsible for a system breach.”

It’s hard to say in any case involving a breach that information will be lead directly to a perpetrator so quickly. Much of cyberattack forensics is slow and careful work involving reconstructing the attack, discovering the mode and operation of the attackers, and finally a lot of legwork in meatspace to track them down and show they were involved. Not every attack can be broken as easily as a hacker bragging online with their girlfriend’s breasts (and that’s been a real break in a case.)

Details on the attack itself, the security protocols of the University, and how they’re proceeding with the investigation are extremely sparse.