A phishing scam in December 2016 resulted in a data breach at the University of Alaska, affecting around 25,000 students, staff and faculty members, according to a report on Wednesday by local Anchorage NBC affiliate KTUU.
A university letter sent to affected individuals and subsequently published by KTUU stated that the breach exposed names and corresponding social security numbers, after a hacker stole an employee's user name and password and potentially gained access to several sensitive accounts. The letter was sent in April 2017, four months after the incident took place.
Citing Robbie Graham, associate VP of public affairs with the UA system, KTUU further reported that one or more employees were tricked into clicking on material inside a malicious email message, thus enabling the breach. In response, the university quickly blocked the perpetrator's access, but it remains undetermined if anyone's information was accessed before the situation was mitigated. Individuals who received a letter are eligible to enroll in an ID theft loss reimbursement insurance program.
In September 2016, the University of Alaska announced that an attacker using employee credentials may have accessed information belonging to more than 5,400 students, including names, social security numbers, transcripts, appeals forms, grant award amounts, addresses, and phone numbers.