LINCOLN — University of Nebraska officials are investigating a major computer security breach into the personal records of thousands of current and former students at the university's four campuses.
Local and federal law officers and a private security firm were working with the university to determine the extent of the breach and what personal information may have been compromised, the university said.
The electronic database includes 654,000 Social Security numbers, as well as addresses, grades, transcripts, and housing and financial aid information.
The database also includes information for alumni as far back as the spring of 1985, as well as for people who applied to the university but did not attend school there.
NU officials stressed that “at this time there is no clear evidence that any information was downloaded.”
“This was a sophisticated and skilled attack on our system that was discovered and shut down within hours of its discovery,” the university said in a statement.
About 30,000 NU students and alumni will receive email notices today about the security breach.
They are people whose bank account or other financial information had been recorded in the Nebraska Student Information System, said Joshua Mauk, NU information security officer.
The notices are being sent “in an abundance of caution,” Mauk said.
The system is used to manage all student services records. However, the system does not include financial records for every student. Typically, bank account records are included in situations where a student received a direct deposit refund after dropping a class, he said.
Regarding Social Security numbers, Mauk said NU officials are developing a plan of action to notify those people.
Mauk said the computer system is monitored around the clock by staff and an automated system. A technician on Wednesday night noticed immediately that the breach had occurred and took corrective action.
He said he could not release details about the breach because it is under investigation.
Mauk said his department has been working “nonstop” since Wednesday to identify those students and alumni who might be vulnerable.
He said a press release Friday night and Saturday's emails were the soonest notification possible for those who might be affected.
More forensic work will be done during the next week to determine what information the intruder may have obtained. Mauk said police had at least one lead in the investigation, but he declined to provide details on whether multiple people were involved or where the intruder might be located.
Data for the Nebraska State College System, which also is housed in the Nebraska Student Information System, did not appear to have been breached, but the investigation is continuing, the university said.
The university has created a website, http://nebraska.edu/security, where individuals can submit questions and view the most current information related to the breach and ongoing investigation. The university will establish a toll-free service center if needed.
“The University of Nebraska takes the protection of student and alumni information very seriously,” Mauk said. “We are working with law enforcement and forensics experts to thoroughly reconstruct this incident so that we can identify limitations in our system and put new safeguards in place for the future.
"We deeply regret any concern or inconvenience this incident may cause our students or alumni.”
Contact the writer: 402-473-9581, email@example.com