UPDATED 11:31 EST / MAY 30 2012

NEWS

University of Nebraska Student Records Breach Exposes 650,000 Individuals

The University of Nebraska is investigating a breach of their student information database discovered late Wednesday night last week. The security intrusion affected the Nebraska Student Information System, the University said in a statement late last week, it was caught by an IT administrator at the facility and the attempt was quashed by immediate and appropriate action.

The statement by the University quotes Joshua Mauk, NU information security officer, who makes it clear that there’s no evidence that the database was accessed or downloaded; but just to stay on the safe side, they want all students to know that their information may have been exposed.

The NeSIS database includes Social Security numbers, addresses, grades, transcripts, housing and financial aid information for current and former NU students as well as student applicants who may or may not have attended NU. The database includes information for alumni as far back as spring 1985.

According to Mauk, the university is working with local and federal law enforcement to determine the extent of the breach and to what degree, if any, individuals’ personal information may have been compromised. Police are currently pursuing leads in the case, but no further information is available. NU also has hired a leading firm specializing in data breaches to assist in a forensics investigation.

“The University of Nebraska takes the protection of student and alumni information very seriously. Right now we’re focused on determining the exact nature of the breach and communicating with those who may have been affected,” Mauk said in a statement. “We are working with law enforcement and forensics experts to thoroughly reconstruct this incident so that we can identify limitations in our system and put new safeguards in place for the future.”

He added, “We deeply regret any concern or inconvenience this incident may cause our students or alumni.”

A recent news item posted by KETV says that the University is moving forward with a very extensive investigation of the breach alongside local law enforcement. According to officials 20 to 30 people have been investigating the breach 24 hours a day since it took place last week. They added that many of them have come in from their holidays and are even assisting remotely.

The University believes with this number of investigators on the case, “it could be determined as early as Tuesday who is responsible for a system breach.”

It’s hard to say in any case involving a breach that information will be lead directly to a perpetrator so quickly. Much of cyberattack forensics is slow and careful work involving reconstructing the attack, discovering the mode and operation of the attackers, and finally a lot of legwork in meatspace to track them down and show they were involved. Not every attack can be broken as easily as a hacker bragging online with their girlfriend’s breasts (and that’s been a real break in a case.)

Details on the attack itself, the security protocols of the University, and how they’re proceeding with the investigation are extremely sparse.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU