Student Suspected in University Hack That Leaked Info of 654K Cornhuskers

Officials at the University of Nebraska suspect a current undergraduate student is behind a hack earlier this month that appears to have spilled the sensitive information of tens of thousands of past and present students.

Officials at the University of Nebraska suspect a current undergraduate student is behind a hack earlier this month that appears to have spilled the sensitive information of tens of thousands of past and present students.

According to a report from the Omaha World-Herald today, Police Chief Owen Yardley at University of Nebraska-Lincoln claims the “computer and related equipment” belonging to the student in question were confiscated Thursday night and are in the process of being analyzed by the police and FBI.

The university’s Computing Services Network was able to track the student down after identifying IP addresses used in the attack.

As the school is continuing to investigate the hack however, it refuses to release the suspect’s name at this point in time.

The breach, discovered May 23 and disclosed to the public two days later, affected the Nebraska Student Information System (NeSIS), a centralized database that stores information about students from University of Nebraska’s four campuses: Lincoln, Kearney and two in Omaha, as well as the University of Nebraska Medical Center and Nebraska College of Technical Agriculture.

The database, which stores 654,000 student and alumni records, includes social security numbers, addresses, grades, transcripts, and housing and financial aid information about current students, former students and even student applicants who may have elected not to attend the University of Nebraska. Alumni information spanning back to 1985 was also kept in the database.

While the university has been relatively mum when describing how exactly the attack happened, on a site set up for concerned students, faculty, staff and applicants, it claims that at 10 p.m. on the night of the breach, a Computing Services Network staff member discovered someone had gained access to the database.

Over the weekend the school e-mailed approximately 21,000 people who had bank account information connected to the database and warned them to watch for any potentially suspicious activity on their accounts. The school also plans to launch a toll-free service center on Friday this week in hopes to assuage the fears of any students or faculty who may be concerned their information has been leaked.

Attacks on higher education are becoming more and more common. Earlier this month a mammoth breach at the University of North Carolina-Charlotte exposed the information, including social security numbers, of 350,000 students, staff and faculty after a system was accidentally misconfigured. Another similar yet less expansive incident at the University of Tampa leaked 30,000 students’ social security numbers in March.

Suggested articles

45 Million Medical Images Left Exposed Online

45 Million Medical Images Left Exposed Online

A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.