Educause Security Discussion mailing list archives

Re: EDUCAUSE Statement on Server Breach


From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 19 Feb 2013 19:41:07 +0000

The information about an EDUCAUSE server breach is accurate.



We have just notified all members and the community via e-mail and social media outlets.



The e-mail notification was sent through our e-mail marketing product (Informz). Links within the e-mail are redirected 
through our marketing product.



Please note that the password reset page (https://www.educause.edu/user/password) is responding slowly due to increased 
traffic. Old passwords have already been deactivated; therefore, you do not need to change your password immediately. 
We expect traffic to the page to decrease later today and tomorrow.



For more information on the server breach, please visit: http://www.educause.edu/securitybreach



Thank you for your understanding and patience.
Valerie

Valerie Vogel Program Manager

EDUCAUSE<http://www.educause.edu/>
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | educause.edu<http://www.educause.edu/>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Halgren
Sent: Tuesday, February 19, 2013 11:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] EDUCAUSE Statement on Server Breach

I've been looking into this and my first assumption is that the e-mail we got is a phishing message because the e-mail 
origin and the link aren't EDUCAUSE.  Can anyone confirm this informz.net link is legit?

Kevin

On 2/19/2013 1:31 PM, Malyn, Justin D. wrote:
Just FYI, the emails directly to profile holders have a password reset link that uses the domain educause.informz.net, 
which this would be one case where using link-usage-tracking in email might be bad when notifying for a breach.  (Maybe 
instead just tell people to visit the educause site, and take these page steps to reset your password, so that no click 
link is involved?)

Without having seen the below note first (I got the profile warning first), it looked like an elaborate phishing email 
since the click links didn't match.

-Justin

Justin D. Malyn
Information Security Officer
GCED, GCWN, GCIH, GCFA, and GSLC Certified by GIAC.org
Information Services
University of Missouri - Kansas City

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel
Sent: Tuesday, February 19, 2013 1:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] EDUCAUSE Statement on Server Breach

Please review the statement below; contact information for inquiries is provided at the conclusion.

February 19, 2013 - Garth Jordan, Vice President, Operations, of EDUCAUSE, issued the following statement with regard 
to a recent breach of EDUCAUSE servers by an unauthorized third party.

"On February 5th, EDUCAUSE discovered that the server that maintains the .edu domain information and our member profile 
information was breached. The breach may have compromised .edu domain passwords and information contained in individual 
EDUCAUSE website profiles, including names, titles, e-mail addresses, usernames, and passwords. Based on our 
investigation to date, we do not believe the breach included access to credit card data, financial accounts, or other 
sensitive information.
"EDUCAUSE took immediate steps to contain this breach and we are working with Federal law enforcement, investigators, 
and security experts to make sure this incident is properly addressed. Additional security measures have been 
implemented to help prevent any future occurrences.
"As a precaution, we are proceeding as though all individual EDUCAUSE website profiles and all .edu domain holders 
might have been impacted. We have notified via email all .edu domain holders and all individuals with website profiles 
about the breach and requested that they change their passwords. All that is required from those impacted by this 
breach is a password re-set.
"The threat of a breach is a constant business concern; no organization is immune from these illegal and harmful 
activities. Therefore, our priority remains ensuring the security and privacy of our members, domain holders, and 
everyone who relies on our services."

* For help with EDUCAUSE website profile password changes, please contact EDUCAUSE Member Services at info () educause edu or +1-303-449-4430.
* For help with .edu domain password changes, please contact EDUCAUSE Member Services at edu () educause edu or +1-303-449-4805.
* For media inquiries, please contact Pete Boyle, Senior Vice President for Lipman Hearne, at pboyle () lipmanhearne com or +1-202-536-8088.


Thank you,
Valerie

Valerie Vogel Program Manager

EDUCAUSE<http://www.educause.edu/>
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>

