According to Clark, the privacy incident occurred in the beginning of May when an OSU employee’s account was hacked and used to send phishing emails nationally. Clark said the university does not know if any information was used or copied, but they do know that the hacker had access to 636 student and family records.
“OSU continues to investigate this matter and seeks to determine whether the cyber attacker viewed or copied these documents with personal information,” said Clark. “We have no indication at this time to believe that the personal information was seen or used.”
Currently, Clark said that the university is assessing the protection procedures used to protect students’ confidential information such as email accounts and family records.
“We will continue to monitor such efforts and systems, and take further steps to protect the university’s information technology and sensitive data,” Clark said via email.
Clark said that the FBI has been notified of the situation, but until then students and family members can contact the OSU customer call center for more information.
At this time the university is providing 12 months of credit monitoring services to the students and family members that may be affected, said Clark.
In response to this incident, OSU sent out a press release on June 14, providing a call center number for students and family members that have questions.
According to the IT Incident Press Release students and family members seeking more information about this matter may call the center at 541-713-0400.
There are programs at OSU currently researching privacy protection, in particular cybersecurity. According to the Electrical Engineering and Computer Science website, there is a cybersecurity group at OSU working to find ways of preventing these kinds of security breaches.
“Our work includes adversarial threat modeling, design of novel protection mechanisms, and analysis of their guarantees,” featured on the Electrical Engineering and Computer Science website. The EECS website explains that they have a wide range of disciplines in this group developing ways to mitigate cyber-attacks and data mining.
Rachel Roberston wrote the article “Hacking into a career” for the EECS website, explaining that hacking is not always a nefarious thing, and that it actually helps an organization realize the faults in their programming.
According to Robertson, “Now companies like Google, Facebook, and United Airlines offer rewards to people who discover and report vulnerabilities in their software.”
Yeongjin Jang, a professor at OSU, takes the lead in cybersecurity, and teaches a course focusing on cyber attacks and defense, said Robertson. Robertson said that Jang was also the one that started the OSU Security Club, which competes in several hacking competitions.