University of Illinois provides update on earlier ransomware attack
In early July, a global cyberattack hit the National Student Clearinghouse, among other organizations. The NSC is a nonprofit and nongovernmental organization founded by and extensively used by the higher education community to carry out the functions of student enrollment and degree verification reporting.
At the time, the University of Illinois announced the possibility student’s personal data had been compromised, but had no other details.
Thursday, the university issued a statement with more information from NSC.
“That organization’s review of the files accessed in the attack found that the names and dates of birth of eight University of Illinois Urbana-Champaign students had been accessed, as well as the names and dates of birth of 11 University of Illinois Chicago students. Additionally, the intruders obtained the names of 92,274 Chicago, Springfield, and Urbana-Champaign students from NSC but none of their personal data fields were accessed,” said the memo signed by Nicholas Jones, Executive Vice President and Vice President of Academic Affairs, and Joe Barnes, the university’s Chief Digital Risk Officer.
According to NSC, the attack exploited a vulnerability in a software product widely used to transfer data files. The organization had said it used additional security measures and quickly closed down the unauthorized access.
The university added that NSC is contacting the 19 students whose dates of birth were accessed, offering additional support. According to the U of I, the other 92,274 students whose names were obtained are not at increased risk as result of that limited exposure. And, students who enrolled for the first time this fall in any of our three universities are not affected.
“We will continue to inform you of incidents that rise to this magnitude, but it is a good reminder to maintain a high level of vigilance in protecting university resources and in safely managing your personal business. We strongly encourage you to fully engage in the extensive cybersecurity training provided by the University of Illinois System, and we remind you below of some simple steps you can take to protect your identity,” the memo said.
(This story may be updated)