University of Maryland faces more cybersecurity woes

Four weeks after massive data breach, University of Maryland victim of ‘cyber-intrusion’

cyber-security-marylandThe University of Maryland alerted administrators last week that someone hacked into its computer network and accessed the personal data of a senior university official.

The “cyber-intrusion,” as Ann G. Wylie, the university’s interim vice president, called it, came just four weeks after another data breach compromised 287,580 records. The two incidents are unrelated, Wylie said, and only the senior official’s data was accessed in the most recent incident.

“Within 36 hours, the FBI, U.S. Secret Service, and the University’s Police Department, working with University’s IT security staff, successfully mitigated the intrusion,” she said. “We thank these organizations for their expeditious and effective actions.”

In a letter to the university’s vice presidents, deans, and department chairs, Wylie outlined the mission of the new President’s Task Force on Cybersecurity. The task force, she said, is currently:

  • Evaluating cybersecurity consulting firms that can assist in strengthening our intrusion prevention and conducting penetration testing.
  • Identifying sensitive information in university databases to determine whether they are needed and how to better isolate them. All sensitive records in the breached database that are no longer required have been removed.
  • Examining national cybersecurity policies, procedures and best practices to establish an appropriate balance between centralized security and broad access on University networks.

The 18-member taskforce was created in the wake of February’s larger data breach, and first met on March 12

(Next page: UMD is not the only university suffering from data breaches and leaks)

University IT staff have now changed the passwords used for all databases and applications, conducted an audit of other campus-related websites, and “closed the pathways” used in both of the recent breaches.

The university is offering five years of credit protection to those affected in February’s breach. About 30,000 people had registered for the service as of mid-March.

“In the coming days and weeks, we will announce additional security measures,” Wylie said. “The University is investing the financial and personnel resources required to better protect the personal, financial, academic, and research information of all members of the University community.”

The University of Maryland is not the only institution struggling to keep student and employee data from falling into the wrong hands.

In the last year, data leaks and breaches have compromised hundreds of thousands of records at Indiana University, University of North Carolina, the University of Delaware, and the University of Mississippi, among others.

More than 3 million records at higher education institutions were exposed in 2013.

“The complexities and issues underlying the structure of our campus-wide information systems are significant,” Wylie said in another letter earlier this month. “The scope and importance of work is paramount. Since the attack on UMD, several other universities have reported breaches of their own, affirming the case that there is perhaps no more compelling issue today than the sanctity of our financial, academic, personal, and research data.”

Follow Jake New on Twitter at @eCN_Jake.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Latest posts by Jake New (see all)

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.