Over the past several months, a number of major, research-intensive universities across the country have been under cyber-attack. Unfortunately, Washington State University is among them.
There is no evidence that personal, research, or student data has been exposed. WSU has been working with an external cyber security firm to investigate the activity, protect the data stored on our systems, and strengthen security measures within IT environments across the university.
On July 8, 2015, Washington State University became aware of suspicious activity in our systems. We immediately reached out to external information security experts and federal law enforcement to investigate the activity. Those teams confirmed that sophisticated attackers had illegally accessed portions of the university’s email and directory systems.
With that confirmation and partnering with our external cyber security experts, we developed a plan for a series of initial countermeasures to protect the data stored on our systems and strengthen security measures within IT environments across the university.
Has data been exposed?
At this time, we have no indication that personal, research, or student data have been exposed. It is possible that WSU login credentials (user name and password) have been exposed
In order to further secure your data, the university is requiring faculty, staff, and students to change their passwords. Please see “Should I change my password” for more details.
Will there be service interruptions?
On August 19, WSU began enacting the first phase of the remediation plan, which was designed to disrupt and evict the intruder to our systems and simultaneously strengthen our security to protect against future attacks. While these actions have and may continue to cause some service interruptions, it was critical that these changes be put in place before we start the new academic year. We appreciate your patience as IT professionals across the university complete this important work.
Why is the university community only learning about this now?
We notified the general community as soon as we were confident that notification would not jeopardize our efforts to secure systems and limit damage from the suspicious activity, potentially making the situation much more difficult to resolve. It was important that we keep our attackers unaware of our course of action until initial counter measures were underway.
Has information in my email been taken?
At this time, we have no indication that information in university email has been taken. In fact, student email—which already operates in a secure, cloud-based environment—appears to have been untouched. Changing your WSU network password is an important step toward further securing your information.
Should I change my password?
Yes. An important component of the initial countermeasure plan entails strengthening passwords. Every member of our university community—faculty, staff, students, and administrators—is strongly encouraged to change the password associated with your WSU account.
Are my emails getting through to organizations outside of WSU?
With the number of cyber-attacks reported recently, a number of federal agencies are in the process of reviewing their internal protocols for sending and receiving email, including that from their higher education partners. As a result, there is a possibility that some Washington State University email users could be affected by those changes. We are proactively reaching out to the agencies with which WSU has most frequent contact to ensure communication channels remain open.
Please follow up any email to your federal partners with a telephone call to ensure they have received your information and/or to see if they have a preferred alternative for communication.
I work remotely. How does this impact me, and what should I be doing?
You can still use Remote Desktop Connection to gain access to your desktop, but you must first install and setup a Virtual Private Network connection to WSU. Instructions on how to install and use this software can be found at https://infotech.wsu.edu/NetworkService/VPN/VPN.aspx.
What is WSU doing to prevent cyber-attacks? Are we taking sufficient steps to protect data?
In recent years, higher education has become one of the most targeted industries for cyber-attack. WSU frequently detects and repels threats. The University takes any such attack very seriously. As threats become more sophisticated, IT professionals must quickly adapt to stay ahead. The University has made significant investment to do so.
The entire University community plays an important role in information security. Some best practices that will help make WSU systems and your information more secure include:
- Click intelligently – Malicious emails can put your data at risk. Don’t click links or download attachments from untrusted or unexpected emails.
- Apply updates – Cyber attackers often leverage out-of-date software to gain access to systems. Reduce your risk by keeping software on your devices current. Work with your local IT support to insure timely updates.
- Keep passwords strong and fresh – A longer password is a stronger password. Create strong passwords for your accounts. Having a strong password and resetting it frequently will help keep your information safe.
What if we receive a media inquiry?
All media inquiries should be directed to Kathy Barnard, University Communications, 509-335-8055, email@example.com
Will we receive further updates?
Yes, we will continue to update the community as the effort progresses.
Who do I go to for questions or more information?
We understand that the University community will have additional questions about this incident. Please send your questions to firstname.lastname@example.org and they will be routed appropriately for answers.