The University of Nebraska's information security officer said Sunday authorities have a lead in the investigation into who hacked into a computer database holding 654,000 student and alumni records, including Social Security numbers.
No arrest had been made, NU's Joshua Mauk said. But the university and law enforcement spent the weekend retracing the hacker's steps and were getting closer to figuring out that person's identity.
Officials are trying to make sure they know every piece of information that was compromised during last week's security breach.
“We're putting together a full summary of events to replicate some of the things the hacker did so we can have a better understanding of what data was accessible,” Mauk said. “We want to know the full ramifications of what he had access to.”
NU officials discovered the problem Wednesday, evidently notified university regents Thursday and issued a public statement late Friday. Mauk has said only a short time elapsed between the breach and its discovery.
Sunday, he declined to say whether the suspected hacker acted alone or was part of a group. Whoever did it was a skilled hacker whose intent was elaborate and malicious, Mauk said.
The computer database holds 654,000 Social Security numbers as well as other personal information. It serves all four NU campuses — one in Lincoln, two in Omaha and one in Kearney — and includes alumni information from as far back as 1985.
At stake is not only personal information such as grades, but potentially critical information like Social Security numbers — which can be used for identity theft — and, in some cases, bank account numbers.
Mauk said that as of Sunday, officials had not been notified of any identity theft cases stemming from the breach. Even so, 21,000 people whose bank account information was on the student information system have been alerted.
The investigation continued Sunday and included local and federal law enforcement.
An unnamed security firm will perform forensic analysis, examining the evidence to ascertain who was behind the breach and how it was done.
Mauk said he has received a lot of questions about the breach from students. He said those questions and their answers are being posted and updated on the University of Nebraska's website.
According to information on that website, data for the Nebraska State College System does not appear to have been breached, though the investigation is continuing.
In addition, students who used credit cards to pay tuition did not have their credit cards compromised, because that information is stored separately.
The university recommends that anyone with concerns go to the Federal Trade Commission's website to review identity theft information.
Contact the writer: