Re: EDUCAUSE Statement on Server Breach

["Scherck, Daniel" <scherckd () EVERGREEN EDU>]

If you go directly to the educause website and attempt to log in, you will be greeted with a message in yellow about a 
security update requiring password reset, so it appears this is a valid alert. I just manually went to educause to do 
the password reset, based on the same thought process. ("informz? Yeah, that sounds legitimate.") Educause servers must 
be getting hammered though, as they're really slow responding.

Dan Scherck
The Evergreen State College

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin 
Halgren
Sent: Tuesday, February 19, 2013 11:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] EDUCAUSE Statement on Server Breach

I've been looking into this and my first assumption is that the e-mail we got is a phishing message because the e-mail 
origin and the link aren't EDUCAUSE.  Can anyone confirm this informz.net link is legit?

Kevin

On 2/19/2013 1:31 PM, Malyn, Justin D. wrote:
Just FYI, the emails directly to profile holders has a password reset link that uses the domain educause.informz.net , 
which this would be one case where using link-usage-tracking in email might be bad when notifying for a breach.  (Maybe 
instead just tell people to visit the educause site, and take these page steps to reset your password, so that no click 
link is involved?)

Without having seen the below note first (I got the profile warning first), it looked like an elaborate phishing email 
since the click links didn't match.

-Justin

Justin D. Malyn
Information Security Officer
GCED, GCWN, GCIH, GCFA, and GSLC Certified by GIAC.org
Information Services
University of Missouri - Kansas City

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie 
Vogel
Sent: Tuesday, February 19, 2013 1:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] EDUCAUSE Statement on Server Breach

Please review the statement below; contact information for inquiries is provided at the conclusion.

February 19, 2013 - Garth Jordan, Vice President, Operations, of EDUCAUSE, issued the following statement with regard 
to a recent breach of EDUCAUSE servers by an unauthorized third party.

"On February 5th, EDUCAUSE discovered that the server that maintains the .edu domain information and our member profile 
information was breached. The breach may have compromised .edu domain passwords and information contained in individual 
EDUCAUSE website profiles, including names, titles, e-mail addresses, usernames, and passwords. Based on our 
investigation to date, we do not believe the breach included access to credit card data, financial accounts, or other 
sensitive information.
"EDUCAUSE took immediate steps to contain this breach and we are working with Federal law enforcement, investigators, 
and security experts to make sure this incident is properly addressed. Additional security measures have been 
implemented to help prevent any future occurrences.
"As a precaution, we are proceeding as though all individual EDUCAUSE website profiles and all .edu domain holders 
might have been impacted. We have notified via email all .edu domain holders and all individuals with website profiles 
about the breach and requested that they change their passwords. All that is required from those impacted by this 
breach is a password re-set.
"The threat of a breach is a constant business concern; no organization is immune from these illegal and harmful 
activities. Therefore, our priority remains ensuring the security and privacy of our members, domain holders, and 
everyone who relies on our services."

*         For help with EDUCAUSE website profile password changes, please contact EDUCAUSE Member Services at info () 
educause edu<mailto:info () educause edu> or +1-303-449-4430.
*         For help with .edu domain password changes, please contact EDUCAUSE Member Services at edu () educause 
edu<mailto:edu () educause edu> or +1-303-449-4805.
*         For media inquiries, please contact Pete Boyle, Senior Vice President for Lipman Hearne, at pboyle () 
lipmanhearne com<mailto:pboyle () lipmanhearne com> or +1-202-536-8088.


Thank you,
Valerie

Valerie VogelProgram Manager

EDUCAUSE<http://www.educause.edu/>
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>