The UConn Engineering department recently acknowledged a “criminal cyber intrusion” in their servers. The data breach, suspected to have originated from China, may have exposed personal information, but officials have not reached consensus on the extent of exploited information.
The first data breach, traced back to September 2013, went undetected and “opened the door” for malware to be inserted into the UConn Engineering computer network said Tom Breen, a spokesperson for the UConn Engineering Department.
“These types of things have become more and more common,” Breen said, “universities have to be vigilant and proactive to protect our resources from harmful intruders.
UConn IT professionals, working with outside specialists, deduced that the attacks originated in China based off of the type of malware. Officials said that personally identifiable information might have been compromised, but cannot say decisively either way.
“We noticed the malware in March of this year,” Breen continued, “Part of the challenge of going back is that we don’t have all of the information before a certain point.”
“We don’t have any direct knowledge that any data was taken out at all, but we’re assuming that it was, and we’re taking steps to up our security to be on the safe side.”
The F.B.I. and State Attorney general were notified in response to the cyber attacks.
UConn is “taking steps to further secure our systems,” said Vice-Provost and Chief Information Officer at UConn, Michael Mundrane, in a public statement.
The vulnerable point in the servers was patched, all passwords were reset, and all servers that were compromised were decommissioned and rebuilt.
“Hopefully we can come up with some new policies that will make us stronger and better prepared for cyber attacks like this in the future,” Breen said.
New policies will likely university-wide and will likely take effect during the 2015-2016 academic year.