Officials from Harvard University are warning some of its students that the school fell victim to a data breach last month and that it’s in the process of determining the scope of the attack.
Anne Margulies, Harvard’s vice president and chief information officer, sent a memo to students and faculty late Wednesday night that eight schools and administrative organizations may have been implicated in a June 19 breach.
According to Margulies the intrusion occurred on the IT networks of the Faculty of Arts and Sciences (FAS) and Central Administration, and at the very least, exposed users’ school login and email information.
“At this time, we have no indication that personal data or research data have been exposed. It is possible that Harvard logins used to access your University account have been exposed,” the note reads.
The note is sparse when it comes to actual information about the attack but from what the school can tell, no research data, personal data, or student PIN credentials has been exposed.
As the breach appears to be largely email based the school is calling on certain students and faculty – anyone involved with the compromised schools – to change passwords associated with their @fas.harvard.edu accounts.
According to a ‘Cyber Alert’ site Harvard set up, the school will ask students with the Graduate School of Design, Harvard’s Graduate School of Education, Harvard’s John A. Paulson School of Engineering and Applied Sciences, and Harvard’s T.H. Chan School of Public Health to change their email passwords as it investigates the breach further.
Other students – those with the Faculty of Arts and Sciences, Divinity School, Radcliffe Institute for Advanced Study, and Central Administration – will be required to change both their email passwords and the passwords associated with their Harvard logins.
The school claims students with the Harvard Business School, Harvard Kennedy School, Harvard Law School, Harvard Medical School or Harvard School of Dental Medicine don’t have to change their passwords at this time, but it probably wouldn’t hurt.
Margulies didn’t have any additional information regarding how – or who for that matter – may have infiltrated the school’s system but claimed the school would monitor the situation going forward.
It’s also unclear exactly how many students the breach implicates. FAS is Harvard’s largest division and technically includes all of the aforementioned schools, Harvard College and all of the university’s libraries, museums, campus resources, and athletics.
U.S. universities and colleges have been popular targets for attackers over the last several years.
In 2012 a data breach at the University of Tampa affected 30,000 students and faculty. Subsequent breaches at the University of Maryland affected 300,000 student records and 34,000 at the University of South Carolina.