Re: EDUCAUSE Statement on Server Breach

[Kevin Halgren <kevin.halgren () WASHBURN EDU>]

I've been looking into this and my first assumption is that the e-mail 
we got is a phishing message because the e-mail origin and the link 
aren't EDUCAUSE.  Can anyone confirm this informz.net link is legit?

Kevin

On 2/19/2013 1:31 PM, Malyn, Justin D. wrote:
> Just FYI, the emails directly to profile holders has a password reset 
> link that uses the domain educause.informz.net , which this would be 
> one case where using link-usage-tracking in email might be bad when 
> notifying for a breach.  (Maybe instead just tell people to visit the 
> educause site, and take these page steps to reset your password, so 
> that no click link is involved?)
>
> Without having seen the below note first (I got the profile warning 
> first), it looked like an elaborate phishing email since the click 
> links didn't match.
>
> -Justin
>
> Justin D. Malyn
> Information Security Officer
> GCED, GCWN, GCIH, GCFA, and GSLC Certified by GIAC.org
> Information Services
> University of Missouri - Kansas City
>
> *From:*The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Valerie Vogel
> *Sent:* Tuesday, February 19, 2013 1:16 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] EDUCAUSE Statement on Server Breach
>
> Please review the statement below; contact information for inquiries 
> is provided at the conclusion.
>
> February 19, 2013 --/Garth Jordan, Vice President, Operations, of 
> EDUCAUSE,/ /issued the following statement with regard to a recent 
> breach of EDUCAUSE servers by an unauthorized third party./
>
> "On February 5^th , EDUCAUSE discovered that the server that maintains 
> the .edu domain information and our member profile information was 
> breached. The breach may have compromised .edu domain passwords and 
> information contained in individual EDUCAUSE website profiles, 
> including names, titles, e-mail addresses, usernames, and passwords. 
> Based on our investigation to date, we do not believe the breach 
> included access to credit card data, financial accounts, or other 
> sensitive information.
>
> "EDUCAUSE took immediate steps to contain this breach and we are 
> working with Federal law enforcement, investigators, and security 
> experts to make sure this incident is properly addressed. Additional 
> security measures have been implemented to help prevent any future 
> occurrences.
>
> "As a precaution, we are proceeding as though all individual EDUCAUSE 
> website profiles and all .edu domain holders might have been impacted. 
> We have notified via email all .edu domain holders and all individuals 
> with website profiles about the breach and requested that they change 
> their passwords. All that is required from those impacted by this 
> breach is a password re-set.
>
> "The threat of a breach is a constant business concern; no 
> organization is immune from these illegal and harmful activities. 
> Therefore, our priority remains ensuring the security and privacy of 
> our members, domain holders, and everyone who relies on our services."
>
> ·For help with*EDUCAUSE website profile password changes*, please 
> contact EDUCAUSE Member Services at info () educause edu 
> <mailto:info () educause edu> or +1-303-449-4430.
>
> ·For help with *.edu domain password changes*, please contact EDUCAUSE 
> Member Services at edu () educause edu <mailto:edu () educause edu> or 
> +1-303-449-4805.
>
> ·For *media inquiries*, please contact Pete Boyle, Senior Vice 
> President for Lipman Hearne, at pboyle () lipmanhearne com 
> <mailto:pboyle () lipmanhearne com> or +1-202-536-8088.
>
> Thank you,
>
> Valerie
>
> *Valerie Vogel*Program Manager
>
> *EDUCAUSE* <http://www.educause.edu/>
> /Uncommon Thinking for the Common Good
> /direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | 
> educause.edu <http://www.educause.edu/>

Attachment: kevin_halgren.vcf
Description: