The University of Delaware continues to recover from a cyber attack that exposed personal information.
The university reported All PIN numbers associated with UD IDs at the University of Delaware were reset after the recent data security breach. Self-service resetting is now available for Blue Hen incoming students, current undergraduate students and current graduate students.
Details on how to reset PIN are available athttp://www.udel.edu/it/help/CAS/udid.html.
UD also reporting that Phishers have taken advantage of the situation to send bulk emails to members of the UD community. Phishers pose as authorities who set up links to fake sites that gather personal information such as account, credit card and even Social Security numbers.
UD advised those receiving the emails to hit the the delete button. One way to detect the practice is to check the return email address.
Work to recover from a cyber attack at the University of Delaware led to a brief delay in the registration and housing assignment process.
University of Delaware officials would not confirm earlier reports that the data breech could cost $13 million or more. The estimates were based on a study of previous cyber attacks.
Click on the link below for the study:
Ponemon-2013-Cost-of-a-Data-Breach-Report
Meanwhile, Drop/Add registration and Housing Assignments for the fall semester will now be available online beginning Aug. 2 instead of Aug. 1.
UD information technology and partners continue their work to rebuild the server systems that were taken offline after the recent data security breach. Many systems have been fully restored, and others are nearing full recovery, the university reported.
Earlier, Student Financial Services extended the deadline for bill payment to August 8.
On Tuesday, the University of Delaware has reported the cyberattack that accessed files with confidential personal information of current and past employees, including student employees.
The attack led UD to offer free credit monitoring to those affected. Response to the offer was so great that it apparently slowed down the site of the company handling the work.
According to a statement from UD, some email messages from Kroll Advisory Solutions (the company offering the monitoring) are being diverted into recipients’ spam, junk or trash folders. In addition, ,the volume of traffic on the Kroll website was high on Tuesday and the company is working to address the issue. Those attempting to access the site reported slow response and crashes.
Kroll’s licensed investigators are available from 9 a.m.-8 p.m., Monday through Friday, through Aug. 30. After Aug. 30, telephone hours are 9 a.m.-6 p.m., Monday through Friday, the release stated.
Those affected are reminded that the coverage extends three years from the date of notification and have six months to enroll in the free service. Those afffected can contact Kroll Advisory Solutions, call 1-877-309-0016.
UD reported that a criminal attack on one of the university’s systems took advantage of a vulnerability in software acquired from a vendor. The software was identified as Struts2, which had a tie to an online bill-paying system, the university confirmed. UD has not announced that student information was stolen. However, students who also worked for the university were part of the 72,000 affected.
UD has sent notification letters to more than 72,000 affected persons and offered free credit monitoring. Approximately one-third of those affected have active UD email accounts and will have received an email notification as well.
The confidential personal information included names, addresses, UD IDs (employee identification numbers) and Social Security numbers.
UD is working closely with the FBI s and Mandiant, a leading private computer security firm, on the issue. The university is also investigating the scope of the attack. While this forensic investigation is underway, the university is taking steps to protect itself from future cyberattacks, according to a release announcing the attack.
The university retained the services of Krol, a risk mitigation and response that will provide free credit monitoring services to the employees whose information was compromised. Affected individuals who want to take advantage of the services will receive instructions on how to do so in a letter.
UD’s IT Security Response website is offering information on the attack and answers to frequently asked questions. The site will be updated as more information becomes available.
For more information on the IT security breach, visit http://www.udel.edu/it/response/.
