Frequently Asked Questions
Information Technology Services (ITS) installed a new server at the request of the OIR in September 2005. The physical equipment is housed in and maintained by ITS. While connected to the Internet to download the latest security patches, the machine was compromised by automated hacking software. This gave the attackers root access to the server.
Beginning on November 7, roughly 800 faculty passwords were compromised when faculty members authenticated to the online Faculty Workload Survey.
Once the compromise was discovered on December 7, immediate actions were taken, including removing all hacking software, disconnecting the server from the Internet, and notifying any faculty or staff whose passwords may have been compromised.
How was this discovered?
ITS noticed unusual traffic on the network in recent weeks and began manual scans of all central servers. The hacking software was discovered as a result of this investigation. No other central servers have been found to be compromised.
What kind of information was on the OIR server?
OIR is doing an inventory of the kinds of information stored on its server. We do know it contains the following: Social Security numbers and birthdates for current faculty, staff, and students. In addition to current data, it contains about 10 years of historical data. This includes students, faculty and staff affiliated with ISU since approximately 1995.
Why was personal information located on the OIR server?
The Institutional Research Office is tasked with providing state and federal government agencies with institutional information. OIR is also tasked with determining information and conducting studies related to planning and assessment, budgeting and other institutional needs and requirements.
What steps have been taken since the discovery?
Faculty members whose passwords were at risk were notified on December 7 and were asked to change the potentially compromised passwords. An inventory of information stored on the server is being conducted to identify all potential problems. In addition, on December 8, all current faculty, staff and students were notified via e-mail. Efforts will be made to contact former faculty, staff and students through the Alumni Office and the media.
The FBI has been contacted, and its Cybercrime Unit is investigating the situation and assisting ISU with its internal investigation.
What information could be accessed using a faculty password?
If hackers have a faculty password, they could access information on network drives, such as your Y-Drive or departmental share drive. They could not access information that resides on your personal PC hard drive. If you have personally identifiable information for students, patients or others on one of these shared drives, please contact ITS at 282-2872 as soon as possible.
Do you know if any of the information was accessed and, if so, how much?
We have no concrete evidence that information of any kind was accessed from this server. Evidence indicates that authentication activity was “logged” but there is no evidence that the log files were accessed by hackers. However, the possibility exists.
What action is the University taking to protect personal information from being publicly accessed?
Although we took extra security measures with the installation of this server, we are currently evaluating our procedures to identify additional security measures that should be implemented in the future. In addition to local computer-security experts, the FBI Cybercrime Unit will be consulted.