Some data may have been compromised in Morehead State University cyberattack, emails show
Some data from Morehead State University may have been compromised in the July cyberattack on the school, emails to employees said.
An email sent by President Jay Morgan to employees on August 1 said “we recently discovered that some data may possibly have been compromised.”
The university originally believed no student or employee data had been breached, according to emails from Morgan sent in July.
“At the moment, we are continuing to assess it, search for what workstation it may have come from, and try to identify how much,” Morgan said in the August communication. “At this point, we do not believe any of it was MSU employee personal data. Should we at any time in the future determine any employee personal data was extracted, we will contact those employees directly to let them know.”
The cyberattack was discovered when the campus had a technology service disruption, according to an email sent from Morgan to students and employees on July 13. Some computers on campus were disconnected and isolated, and the campus network was kept offline to investigate the attack. Campus Wi-Fi and email access were also impacted, and people were encouraged to use off-campus computers when possible.
Since discovering that some data may have been compromised, employees were told to change their passwords on Morehead accounts, as well as any third-party accounts they use at the university, according to emails. It was also suggested they change passwords on personal accounts not associated with the university and enable two-factor authentication for their campus login.
The university also worked with an off-campus firm to offer free identity theft protection services for employees and students.
“This will add an additional layer of protection for our campus,” Morgan wrote.
For the fall semester, classes that use computer labs were advised to prepare for a two-week delay in access to labs. Classes for the fall began on Monday.