By CARL SMITH
Mississippi State University officials are investigating a cyber attack in which hackers obtained non-sensitive employee data from one of the school‚Äôs numerous servers.
A preliminary investigation revealed no vital data ‚ÄĒ Social Security numbers, credit card information, health information or grades ‚ÄĒ was compromised, MSU Chief Information Officer Mike Rackley said in a release Wednesday.
MSU University Relations Director Sid Salter said the attack did not affect students or the university‚Äôs Banner Web services.
On Wednesday, Hack Read News, a website that publishes information on technology, security and hacking news, posted information and links related to a Brazilian hacker‚Äôs claim of obtaining data on 929 MSU-affiliated individuals. The actual number of impacted MSU Web services users is 525, university officials said in a release.
MSU President Mark Keenum was advised of the incident and tasked Rackley for the investigation.
‚ÄúCyber crimes and ‚Äėhacking‚Äô plague Fortune 500 companies, the federal government and unfortunately is a reality in higher education as well,‚ÄĚ Keenum said in a release Wednesday. ‚ÄúWe‚Äôre very sensitive to the concerns such attacks generate, but at this point we believe that the secure data of these individuals remains safe.‚ÄĚ
‚ÄúThis represents only one of hundreds of servers in the MSU system,‚ÄĚ Rackley said in a release Wednesday. ‚ÄúIn response to incidents like this one and the increasing number of Internet-enabled computer attacks, Mississippi State continually modifies its systems and practices to enhance the security of sensitive information.‚ÄĚ
Following the attack, MSU‚Äôs Information Technology Services notified employees and advised them to change their online passwords.
Raw data from the hack posted on the Internet revealed more than 10 encrypted passwords which were still ‚Äúsalted and hashed.‚ÄĚ
Joe Farris, an assistant to the president, was one of the MSU employees linked to the posted encrypted passwords. He said the entry was used for an administrative website he ‚Äúvery rarely used in the past,‚ÄĚ and the site itself contained ‚Äúno information of consequence‚ÄĚ to his privacy.
‚ÄúI was contacted directly by telephone this morning and was explained what had happened as it related to my own information,‚ÄĚ Farris said. ‚ÄúThat password was not necessarily my ‚Äėeveryday‚Äô password. In any case, I immediately changed my passwords for all applications. I am completely comfortable with how (MSU ITS) handled the situation.‚ÄĚ
Other data from the hack posted on the Internet revealed information was obtained from hundreds of employees‚Äô MoneyMate accounts. No sensitive information was present in this data block, but timestamps reflecting deposits were available.
Everett Kennard, MSU Transportation Services manager, had his MoneyMate information posted from the hack and said the data published more than likely represented the 2006 date he opened an account.
‚ÄúI know for a fact I put $250 in that account then,‚ÄĚ he said, referring to the hacked data posted on the Internet. ‚ÄúThe whole technological issue is scary to me. We live in a technology-based world and we‚Äôve come to depend on technology for almost everything. Everything I have is linked through the university somehow, but I have confidence in our ITS department to keep sensitive information secure.‚ÄĚ
‚ÄúIt‚Äôs just one of those things. I‚Äôve been meaning to change my passwords for a while, anyway,‚ÄĚ Thomas Lafoe, an instructional technology specialist with the university‚Äôs library, added. Lafoe‚Äôs MoneyMate information was also posted following the hack. ‚ÄúThe university is very much on top of security and will patch this issue very quickly.‚ÄĚ