UMD hacked twice during the past month

A top security manager at the school notified university officials of the “cyber intrusion” in a letter dated 3/20.

The incident is not related to a 2/19 breach that compromised the Social Security numbers of hundreds of thousands of UMD faculty, staff and students, she said. Here is the entire letter:

March 20, 2014

Dear Vice Presidents, Deans, Directors and Department Chairs:

The University of Maryland learned of a cyber-intrusion into its network on the morning of Saturday, March 15, 2014. Within 36 hours, the FBI, U.S. Secret Service, and the University's Police Department, working with University's IT security staff, successfully mitigated the intrusion. We thank these organizations for their expeditious and effective actions.

The FBI has informed the University that the intrusion resulted in no public release of any information and no damage to the institution, except for the release of personal data of one senior University official, who has been notified. We are unable to comment further on the intrusion at this time. This matter is unrelated to the data breach of February 18, 2014.

As the investigation proceeded over the weekend, the University took the precautionary step of moving a number of University websites offline. These sites are in the process of being transferred to a different web hosting environment to provide additional levels of security. This strategy was already in place prior to the intrusion, and the move will be completed shortly.

The fight against cyber-attacks requires unrelenting effort. The President's Task Force on Cybersecurity formed a few weeks ago is actively working in these areas:

· Evaluating cybersecurity consulting firms that can assist in strengthening our intrusion prevention and conducting penetration testing.

· Identifying sensitive information in university databases to determine whether they are needed and how to better isolate them. All sensitive records in the breached database that are no longer required have been removed.

· Examining national cybersecurity policies, procedures and best practices to establish an appropriate balance between centralized security and broad access on University networks.

Concurrently, the University IT staff with the support of outside consultants are working almost non-stop to better protect the vast information systems in our networks that are accessible to students, faculty, staff, and others. In the past month, they have:

· Closed the pathways utilized in the February 18, 2014 breach and the recent intrusion.

· Changed passwords for all databases and applications.

· Conducted an initial audit to detect vulnerabilities in individual websites within web hosting environments.

· Accelerated plans to migrate web hosting to a more secure environment.

In the coming days and weeks, we will announce additional security measures. The University is investing the financial and personnel resources required to better protect the personal, financial, academic, and research information of all members of the University community.

Sincerely,

Ann G. Wylie 
Chair, President's Task Force on Cybersecurity 
Interim Vice President and Chief Information Officer

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.