UPDATED: NDUS Student Files "Were Not Encrypted" - Valley News Live - KVLY/KXJB - Fargo/Grand Forks

UPDATED: NDUS Student Files "Were Not Encrypted"

Posted: Updated:

Updated at 2:24 3/10/14

A spokeswoman with NDUS has confirmed to Valley News Live that the files containing student records were not encrypted. Linda Donlin says that despite the files not being encrypted third party examination shows that the files were not compromised even though the over all server was hacked.

NDUS's own security policy mandates that sensitive files be encrypted when they are stored. From NDUS's data practices guidelines:

"When necessary, data transmission and storage should be encrypted. Sensitive data such as student records should be encrypted to ensure data confidentiality and integrity when transmitted over a network."

Encrypting data is a common practice to prevent unauthorized access to information. We continue to follow this story and will have more details as they become available.

Original Story
On March 5, we told you about a hacker getting into a computer server of the North Dakota University System.

At first it appeared the hackers used the powerful server as a launching pad to attack other computers, but it contained the personal information of 290,000 current and former students and 780 faculty and staff.

Now an email has surfaced indicating reports of phishing attacks are up.

The morning of March 7, an email from the chief information officer with Bismarck State College was sent to employees and faculty regarding the recent server break-in.

In that email was a quote being attributed to NDUS' Deputy Chief Information Officer Darin King. It says:

 "We are getting reports of phishing attacks directed at users, likely due to this incident."

Until now, NDUS has claimed there is no indication the personal information being housed on that server was actually accessed, so we began investigating.

Valley News Live Reporter Mellaney Moore made multiple calls and King wouldn't call her back to answer questions about the breach.

She did get a hold of the NDUS Communications Director Linda Donlin, who told her they "firmly believe" the hackers weren't specifically targeting the personal information on the server, but rather using the power of the server for another outside target.

Donlin says King's email meant they are seeing more phishing reports due to heightened awareness of the attack.

Nonetheless, NDUS signed a contract this afternoon with an identity protection service which will be available for the next year to all whose information was held on that server.

Moore also asked Donlin if the personal information on the server was encrypted.

She said she didn't know and would call us back. We are still waiting on that information.

Powered by WorldNow
Powered by 

WorldNowAll content © Copyright 2000 - 2014 WorldNow and Valley News Live. All Rights Reserved.
For more information on this site, please read our Privacy Policy and Terms of Service.