The personal information of nearly 300,000 people is potentially at risk after North Dakota University System discovered 'suspicious access' to one of its servers on February 7.
An entity outside the country used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails.

While there is no evidence that the personal information of more than 290,000 current and former students and about 780 faculty and staff was abused, personal information like Social Security numbers and names were housed on the server. No credit card or bank information was kept on it. University officials estimate the outside source had access from late October 2013 until February 7, 2014.

Although the breach was discovered nearly a month ago, university officials needed time to secure the server, conduct a thorough investigation, and properly understand the scope of who was potentially affected. "There is no indication that any of the personal information was actually accessed," said Lisa Feldner, vice chancellor for information technology and institutional research. "Nevertheless, we are making every effort to inform people of the situation and are taking every possible precaution to safeguard our systems."

In response to the breach, NDUS removed all access to the affected server and revalidated all users. "Information security is of the utmost importance to us, and it is very unfortunate this has happened" said NDUS Interim Chancellor Larry C. Skogen. "We are working diligently to help make sure this doesn't happen again. It's disturbing that higher education is often targeted by criminal elements in today's global assaults on IT systems."

NDUS has established a list of frequently asked questions for those concerned or affected by the security breach. The university system vows to enact more stringent measures and has developed a task force to address how to access data more securely across the system.