Officials at the University of Nebraska at Kearney discovered a security breach involving nine university computers in early June, and this week, letters are going out to individuals who may be affected.
"The computers involved in the incident were immediately secured, and the university took additional steps to prevent unauthorized external access to any campus computers," said Deborah Schroeder, UNK assistant vice chancellor for Information Technology.
"The university has conducted a thorough investigation," Schroeder said. The incident took place on Sunday, June 8, and was discovered Monday morning, June 9. Of the nine computers involved, five contained names and partial or complete social security numbers.
The breach, which originated in the Republic of Slovenia, was confined to computers in the College of Natural and Social Sciences. Computers involved included two each in the biology, history and psychology departments; and one each in the mathematics, computer science and sociology departments. The files included advisees in the Department of History in 2002 and 2003, deciding students in Fall 2001 and Fall 2002, and students in the online Master of Science in Biology program since Spring 2005. In all, 2,035 letters are being mailed. No academic records were affected.
"We have no evidence that an unauthorized individual has actually retrieved, or is using, any of the social security numbers for illegal or malicious activity," Schroeder said. "It is possible that the intrusion was intended to either disrupt normal business or use the computers' processing power to launch similar attacks on other computers, possibly only to proliferate spam. The intruder may not have been aware that files with personal information were stored on the computers.
"Letters are being mailed to everyone whose Social Security number was found on the five desktop computers," she said, adding, "Since 2005, we have assigned the NU-id to all students and employees. We no longer use the Social Security number as a personal identifier.
"The University of Nebraska at Kearney is committed to maintaining the privacy of sensitive information and takes many precautions to address the security of personal information, including firewalls, intrusion detection, monitoring of data in motion and file encryption," Schroeder said. A Web site with detailed information regarding the security incident has been established at http://its.unk.edu/securityincident/
"Although we have no reason to believe that the information has been compromised, we are bringing this incident to the attention of those whose Social Security numbers are involved so that they can take steps, exercising abundant caution, to protect themselves," she said.
The Web site includes instructions on how to obtain a copy of a free credit report, place a fraud alert on a file and lists contact information for the three national credit bureaus. The site also lists contact information for the Federal Trade Commission and the Social Security Administration.
"Individuals may want to place a fraud alert with the national credit bureaus listed on the Web site and periodically obtain a credit report to ensure accounts have not been activated without their knowledge," she said. "If they suspect unauthorized changes have been made to their account information, or that an account has been fraudulently established or changed using their identity, they should contact law enforcement and the appropriate financial agencies.
"We will not contact anyone over the phone or via e-mail regarding this incident. We strongly recommend that people do not release Social Security numbers in response to telephone or email contacts that they have not initiated.
"We regret that information entrusted to the University of Nebraska at Kearney may have been subject to unauthorized access, and we have taken measures to ensure that this situation is not repeated," Schroeder said. "We are committed to maintaining the privacy of sensitive information. We sincerely regret any inconvenience this incident may present to those involved."
Individuals with further questions about the incident may contact the Office of the Assistant Vice Chancellor for Information Technology at 308.865.8950.