Educause, which has 1,800 college and 300 corporate members, issued a warning that it had discovered a security breach sometime in February that may have compromised the hashed passwords of .edu domain holders and urged impacted administrative, billing or technical contacts to change their passwords.
Other possibly compromised data include any information stored in individual profiles on the Web site, including name, title, e-mail address, usernames and passwords. Those who have InCommon accounts apparently are not at risk. Educause partnered with the federation to provide its members more resources for identity management
As a precaution, the association deactivated all affected passwords and notified members through e-mail and social media. It said it’s working with authorities and beefing up its security as a result of the breach. No other details were given for how the server was attacked.
“Based on our investigation to date, we do not believe that any sensitive personal or financial information has been accessed,” the group said in a prepared statement.
Educause programs and services provide tools to help IT decision makers within higher education, including analyses, advocacy, community building, professional development. Its membership also includes state and federal government agencies.