Most Recent Entries
Facts about the server breach
Facts regarding the Math Placement Test server breach:
The breach on this server was found during a routine scan during a system update.
There were several thousand letters sent out to students regarding this event.
No extensive personal information was on the server in question.
An NUID, or Nebraska Unique Identification, is a unique 8-digit number assigned to students, faculty and staff members during either admissions or hiring.
There is no evidence to think this information has been used for illegal or malicious activity.
We’ve taken steps to address the situation.
Though this can be classified as a relatively minor risk, we are taking the appropriate precautions. We also have asked letter recipients to monitor systems for which they use their NU ID for access and to reset their MyRed passwords as an extra precaution.
Date IssuedTuesday, December 20, 2016 - 15:45
Text of letter sent to students regarding breach
Below is a letter sent to students from College of Arts and Sciences Dean Joseph Francisco and Mark Askren, the university’s chief information officer, notifying them of potential impacts following an uncovered server breach.
COLLEGE OF ARTS AND SCIENCES Office of the Dean
At some point in the last two years you participated in the Math Placement Exam at the University of Nebraska-Lincoln. University officials recently learned of a security breach involving the server that runs this placement exam. Among the items stored on this server were NU IDs, grades for placement exams, and names of participants. The university‘s investigation found that there was unauthorized external access to information on this server including possible access to files containing both names and NU IDs. We immediately shut down the server and have since moved the Math Placement exam to a secure platform.
We are notifying you because you are one of the people whose name, NU ID number, and grades for placement exams were stored in a data file on this server. Currently, we have no evidence that anyone has used this information for illegal or malicious activity. We are sending you this notification as a courtesy, and encourage you to monitor systems for which you use your NU ID for access. We have no reason to believe that these other systems have been compromised, as we have duplicate safeguards protecting them. As a precaution, the MyRed system will automatically reset your account and a temporary password will be sent to your email account. Please login to MyRed using this temporary password and then reset your password accordingly.
We are sorry that your personal information may have been subject to unauthorized access and we have taken measures to ensure that this situation is not repeated. The university is committed to maintaining the privacy of personal information and takes many precautions to monitor and safeguard the security of its computers and personal information. If you have further questions about this process or about the incident, you can contact Alecia Kimbrough, Assistant Dean in the College of Arts and Sciences, at 402-472-2891 or firstname.lastname@example.org. We apologize for any inconvenience this may present to you.
Joseph Francisco, Dean, College of Arts and Sciences
Mark Askren, Vice Chancellor for Information Technology and CIO
University of Nebraska-Lincoln