Information Security Alerts
UPDATE: JUNE 19, 2014
From the University of Nebraska at Omaha
For Immediate Release: Server Access Attempts Not Successful
The Information Security Office at the University of Nebraska at Omaha (UNO) and national forensics experts completed an investigation into a suspected unauthorized access incident. They concluded there was no unauthorized access into a server, located within Campus Security, and that no data was accessed. Since no unauthorized access to personal information took place, no student, faculty or staff were affected.
In early May, during a routine security scan, the incident was discovered by the university. The situation was taken seriously because the server in question contained files with some personal information.
“The experts used proprietary forensic tools to look at the suspected unauthorized access attempts and determined the system did not allow the access to occur,” Matt Morton, UNO’s Chief Information Security Officer, said. “We take the security of personal information very seriously. We worked diligently to make sure that we explored this incident thoroughly to its full resolution,” Morton said.
If any member of the UNO community has a question about this incident, the university will continue to monitor this email account: email@example.com.
Media inquiries should be directed to Charley Reed, UNO media relations coordinator, at 402.554.2129 or firstname.lastname@example.org.
UPDATE: JUNE 13, 2014
From Matt Morton, UNO’s Chief Information Security Officer:
On May 16, 2014, UNO shared with the community that there was an incident involving unauthorized access to a server. Since that time, an investigation has been launched by UNO’s Information Security Office and conducted in conjunction with national computer security forensics experts.
The investigative process is nearly complete, and we anticipate providing an update as soon as information is available.
If any member of the UNO community has a question, the university has established this email address: email@example.com.
We will also share information as it becomes available on this website.
ISSUED: MAY 16, 2014
The Information Security Office at the University of Nebraska at Omaha (UNO), along with law enforcement, is investigating unauthorized access into an administrative unit server within Campus Security. The incident was discovered in the last week by the university in the course of performing a security scan.
Please read on below for information regarding frequently asked questions about this incident.
Additional information will be shared on this page as it becomes available.
What did the server contain?
The server contained files with some personal information, including Social Security Numbers.
Law enforcement is assisting UNO to assess the incident to see if any individuals’ personal information may have been compromised.
What steps have been taken since the incident was discovered?
Multiple steps have been taken including:
- Removing the server from service to prevent further unauthorized access
- Contacting and working with law enforcement
- Hiring a leading firm specializing in data security to assist in a forensics investigation
- Investigating the nature and extent of the unauthorized access
- Developing a communication plan to contact individuals who may have been affected once information is known
- Setting up this dedicated web page to share information as it becomes available
- Setting up a dedicated email for questions at firstname.lastname@example.org
What is the focus of the investigation into this incident?
We take the protection of personal information very seriously. Right now we’re focused on determining the exact nature of the incident and directly communicating with those who may have been affected.
We are working with law enforcement and forensics experts to thoroughly reconstruct this incident so that we can determine the severity and take appropriate action.
Will I be notified if my information was compromised?
UNO will directly contact any affected individuals once information is known. The university will establish a toll-free service center if needed.
What should I do to protect my identity or personal information?
It is always good practice to monitor your personal information for fraudulent activity.
If you see any irregular activity, please contact appropriate law enforcement.
Another resource is the Federal Trade Commission’s identity theft website at www.idtheft.gov or call 1-877-438-4338, 1-877-IDTHEFT.
If I have questions, who should I contact?
The university has created an email where concerned individuals can submit questions. This web page has been established to view the most current information related to the unauthorized server access and ongoing investigation.
To submit questions, please email email@example.com.