Security breach under investigation
Published: Sunday, June 17, 2012
Updated: Monday, June 18, 2012 10:06
A recent breach of the Nebraska Student Information System (NeSIS) database has raised serious concerns about the security of student files stored via online university databases. On May 23, Nebraska University (NU) officials were made aware of a breach in the NeSIS system because of a routine check performed by computer technologists at the university.
“A team alerts us if there is something abnormal [in the system],” NU Security Information Officer Joshua Mauk said. “From there we go back to the history and logs to see how the individual logged in and where they came from.”
NU officials were able to detect that the individual who breached the system had seen files dating from 1985. This compromised the credit card information, social security information, etc. of students from the states’ three universities (UNO, UNL, UNK) as well as Nebraska’s three state colleges (Chadron State, Peru State, and Wayne State). The individual responsible for the breach is believed to be a University of Nebraska Lincoln undergraduate.
As a precautionary measure the university has recommended that students pay close attention to their bank accounts and report any suspicious activities to their appropriate financial institutions.
Mauk said a similar situation occurred last year when a student hacked into an ex-girlfriend’s university account but stated also that this situation is clearly different.
“This type of deliberate attack of our system is the first that had success,” Mauk said.
Clear of the legal implications, NU informed university students about the breach via e-mail and also informed the media in a press release on May 30.
UNL Police Chief Owen Yardley stated in the press release that NU officials waited to release the information about the breach for 48 hours so the investigation was not jeopardized. NU has found the person responsible and has retrieved all of the technology used to breach NeSIS. They have not yet released the individual’s name..
In the e-mail to students, NU officials assured its students there “is no clear evidence that any information was downloaded [by the individual].”
UNO pre-nursing sophomore Emily Nachun was disturbed to find that a student would compromise their academic career by committing this crime and hopes the university will take strong action.
“Why would someone who is going to college to get an education risk [that] and throw it all away?” Nachun said. “I’m not going to blame UNO but I certainly hope they advance and get better security.”
In an age where almost everything has become consolidated onto the Internet, the safety of student files is in the hands of the university, and that role shifts when events like this happen.
“No matter what new technology institutions and businesses have, there is going to be someone else that is one-step-ahead,” Nachun said.
This is why Nachun believes it is important the university continues to try to prevent these events and prosecute individuals who choose to commit these types of crimes to deter others from contemplating similar actions.
According to Mauk, NU has been investing in new security technology for the past five to six years, and the university is doing all it can to protect student information.
“We have an outside consultant making recommendations on how we can further protect privacy of students,” Mauk said. “We are also working with the FBI to go over all of the analysis.”
On Friday, June 8, Mauk, Yardley and other persons involved in the investigation had a meeting with the University Board of Regents discussing new developments in the case.
NU has made a website available (http://www.nebraska.edu/security) to the public where they can discuss concerns they may have, and a toll free number will soon be made available to address concerns as well.