UVM hit by cyber attack

Sawyer Loftus

UVM Information Security Office with message to the media on door.

Sawyer Loftus, Senior Staff Writer

UVM was targeted by a cyber attack that could potentially lead to the malicious use of University NetIDs and passwords.

Julia Russell, associate chief information officer of Enterprise Technology Services, alerted the University community in a May 23 email that the Information Security Office and ETS were taking steps to correct a computer system intrusion.

UVM faculty, students and employees were required to change their NetID passwords by 4:30 p.m. May 24. UVM has no indication that personal information was accessed or taken, Russell stated in the email.

Few specific details are available to the public as the University continues its investigation with law enforcement, UVM Communications Director Enrique Corredera said.

UVM became aware of the intrusion very recently he said; however, Corredera could not share a specific date at time of publication due to the active investigation.

Almost a year ago, a similar attack was made against the University Medical Center. Private information of 2,300 patients was at risk of being exposed, according to a July 2017 Burlington Free Press article.

The University was able to address the attack quickly thanks to constant monitoring of UVM systems and servers, Corredera said.

The University is taking steps to further invest in data security, but what those specific steps are Corredera couldn’t say. The steps being taken are above his level of understanding, he said.

“All I can say is that all of the steps our technical folks can take are being taken,” Corredera said.

If a breach occurs or a security threat is detected, UVM’s information security officer notifies the chief privacy officer. The incident is then logged and an evaluation is conducted, according to UVM’s data breach notification policy.

Following the evaluation, the chief privacy officer will work with the office of general council to officially determine if a breach has occurred and what data has been compromised, the policy states.

The threat of cyber intrusions has become a part of the daily news, Corredera said.  

“This is by no means unique to the University of Vermont,” he said. “These types of cyber attacks and intrusions have become everyday headlines.”

In a May 24 post on UVM’s “Why? Security” blog, Enterprise Technology Services named password security as the best method to keep NetIDs safe.

“While no one likes maintaining passwords, they remain an important part of the security infrastructure at UVM and our peer institutions,” the post stated.

Higher education institutions have been recently targeted by data intrusions, according to a September 2017 article from Campus Technology. In 2017 the education sector saw 118 successful attacks, which is nearly double from recent years, the article stated.

No impact should be felt by the intrusion, Corredera said. Although no personal information was compromised, students said they still feel the impact of the intrusion.

In May, some students complete summer course requirements, many of which are done online. First-year Dorcas Lohese said that it could be difficult to complete many of the University-required items first-years need to  attend to because of the intrusion.

“It will be hard for me to keep track of what I need to do before the school year starts,” Lohese said.

She doesn’t believe that there will be a serious impact other than the slight inconvenience of changing her password, Lohese said. However, if intrusions like this keep happening, and passwords keep having to be changed  it could hinder her ability to access critical information online, she said.

Although the University community should rest easy knowing their personal information was not accessed, this incident is still important, Corredera said.

“It needs to be taken seriously,” Corredera said.