A cyber crook used a phishing scam to break into a North Carolina State University email account containing personally identifiable information.
How many victims? Approximately 38,000
What type of information? Names, home address from 2013, student ID numbers, and social security numbers were all compromised.
What happened? On June 3, 2016, Google informed NC State that suspicious activity was being conducted on a university email account relevant to conducting university business. School officials launched an investigation into the incident and found the account contained a file from 2013 which contained names, mailing addresses, university ID numbers and social security numbers. The account also contained an email containing additional names and social security numbers. The account was compromised through a “sophisticated phishing scam,” officials said.
What was the response? NC State, in conjunction with law enforcement, initiated an incident response team, performed computer forensics, scanned the account for all possible data, developed notification lists, and retrieved credit monitoring codes for all potentially affected individuals. The compromised files and emails have since been removed from the account. NC State required those affected to change their account credentials and the school increased security protocols to include two-step verification for account access. Officials also strengthened security protocols for other campus wide systems containing sensitive data. Those affected will receive a year of free credit monitoring services.
Quote: “NC State is committed to protecting sensitive and confidential information and will continue to monitor the situation in conjunction with law enforcement,” NC State Assistant Director for News and National Media Coordinator said in a July 8 press release.