BISMARCK, N.D. – A North Dakota University System computer server that stores personal information on students, staff and faculty has been hacked, but nothing appears to have been compromised, Interim Chancellor Larry Skogen said Wednesday.
The security breach was discovered on Feb. 7, and the server was immediately locked down, Skogen told reporters on a teleconference.
Skogen said personal information — including Social Security numbers — of more than 290,000 current and former students and about 780 faculty and staff were on the server. North Dakota has 11 public colleges, including six four-year universities and five two-year schools.
"There is no evidence that the intruder accessed any of your information, but we can't rule out the possibility," Skogen said in a letter released to students, faculty and staff on Wednesday.
"It is very unfortunate that this happened," Skogen told reporters.
The university system has created a website (ndus.edu/data) and is organizing a call center to help people who have questions, officials said. The university system also will provide identity protection services for one year for anyone affected, Skogen said. Officials did not immediately know the cost of those measures.
Core Technology Services, the information technology arm of the North Dakota University System, discovered the "suspicious access." University system spokesman Darin King said law enforcement has been notified but declined to name specific agencies.
Officials said in a statement that "an entity operating outside the United States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails."
"It certainly appears to be an offshore attack," Skogen said.
University system and law enforcement officials are continuing to investigate the cause of the security breach "and what we can do to prevent that from happening again," Skogen said.