By CARL SMITH
Mississippi State University officials are investigating a cyber attack in which hackers obtained non-sensitive employee data from one of the school’s numerous servers.
A preliminary investigation revealed no vital data — Social Security numbers, credit card information, health information or grades — was compromised, MSU Chief Information Officer Mike Rackley said in a release Wednesday.
MSU University Relations Director Sid Salter said the attack did not affect students or the university’s Banner Web services.
On Wednesday, Hack Read News, a website that publishes information on technology, security and hacking news, posted information and links related to a Brazilian hacker’s claim of obtaining data on 929 MSU-affiliated individuals. The actual number of impacted MSU Web services users is 525, university officials said in a release.
MSU President Mark Keenum was advised of the incident and tasked Rackley for the investigation.
“Cyber crimes and ‘hacking’ plague Fortune 500 companies, the federal government and unfortunately is a reality in higher education as well,” Keenum said in a release Wednesday. “We’re very sensitive to the concerns such attacks generate, but at this point we believe that the secure data of these individuals remains safe.”
“This represents only one of hundreds of servers in the MSU system,” Rackley said in a release Wednesday. “In response to incidents like this one and the increasing number of Internet-enabled computer attacks, Mississippi State continually modifies its systems and practices to enhance the security of sensitive information.”
Following the attack, MSU’s Information Technology Services notified employees and advised them to change their online passwords.
Raw data from the hack posted on the Internet revealed more than 10 encrypted passwords which were still “salted and hashed.”
Joe Farris, an assistant to the president, was one of the MSU employees linked to the posted encrypted passwords. He said the entry was used for an administrative website he “very rarely used in the past,” and the site itself contained “no information of consequence” to his privacy.
“I was contacted directly by telephone this morning and was explained what had happened as it related to my own information,” Farris said. “That password was not necessarily my ‘everyday’ password. In any case, I immediately changed my passwords for all applications. I am completely comfortable with how (MSU ITS) handled the situation.”
Other data from the hack posted on the Internet revealed information was obtained from hundreds of employees’ MoneyMate accounts. No sensitive information was present in this data block, but timestamps reflecting deposits were available.
Everett Kennard, MSU Transportation Services manager, had his MoneyMate information posted from the hack and said the data published more than likely represented the 2006 date he opened an account.
“I know for a fact I put $250 in that account then,” he said, referring to the hacked data posted on the Internet. “The whole technological issue is scary to me. We live in a technology-based world and we’ve come to depend on technology for almost everything. Everything I have is linked through the university somehow, but I have confidence in our ITS department to keep sensitive information secure.”
“It’s just one of those things. I’ve been meaning to change my passwords for a while, anyway,” Thomas Lafoe, an instructional technology specialist with the university’s library, added. Lafoe’s MoneyMate information was also posted following the hack. “The university is very much on top of security and will patch this issue very quickly.”