14 DAY TRIAL // The Iowa State University’s IT staff has discovered unauthorized access to a total of five servers. The machines in question contained some sensitive information, but the university believes that the attackers were simply trying to use their computing power to mine Bitcoins.
According to the university, the compromised servers stored the social security numbers of close to 30,000 students who had enrolled between 1995 and 2012. No financial information was exposed and there’s no evidence that the files containing the SSNs have been accessed.
“We don’t believe our students’ personal information was a target in this incident, but it was exposed,” stated Iowa State University Senior Vice President and Provost Jonathan Wickert.
“We have notified law enforcement, and we are contacting and encouraging those whose Social Security numbers were on the compromised servers to monitor their financial reports,” he added.
In addition to those whose SSNs have been exposed, the university is also contacting close to 19,000 students whose university ID numbers were stored on the breached servers. This information can only be used on campus and it poses no financial risk.
Those whose SSNs could have been compromised are being offered one year of free credit monitoring services through AllClear.
The targeted servers are made by Synology, and they’re popular among cybercriminals who use compromised computers to mine for Bitcoins. The breached machines have been destroyed. Other similar servers will be replaced in the upcoming period. In the meantime, software updates have been installed to keep hackers out.
“Iowa State has always taken information security very seriously, and we will continue to take every possible action to safeguard the personal information of those who learn and work here,” Wickert added.
“We have well-regarded cyber defense experts here who not only protect university data, but educate others on how to prevent computer attacks. Unfortunately, Iowa State is not immune to hacking, but we are disappointed and sorry for the inconvenience this incident may cause.”
Meanwhile, the university warns students, faculty, staff and alumni about phishing attempts. The university, the ISU Foundation, and the ISU Alumni Association do request information from their members. However, none of these bodies ever asks for SSNs over phone or via email.
Those who come across suspicious emails can check if they’re legitimate by contacting the ISU Foundation, the ISU Alumni Association or the university’s IT security team at “serverbreach [at] iastate.edu.”