Educause Security Discussion mailing list archives
Re: Chegg Data Breach notification (Thanks to HIBP)
From: "Seidl, David" <seidlda () MIAMIOH EDU>
Date: Fri, 16 Aug 2019 09:15:26 -0400
Frank, In my former ISO life, our standard practice was: - An advisory to campus if it was of broad general interest or hit a threshold number that was significant, with a reminder to not re-use passwords, a push for use of a password manager, and a nudge to change passwords if they did re-use them elsewhere. - A direct email to impacted individuals if we had a list In general, we did not require a password reset. In our current world, MFA means that we are unlikely to require a password reset unless we know that a specific password was exposed. David On Fri, Aug 16, 2019 at 9:03 AM Frank Barton <bartonf () husson edu> wrote:
Good morning folks, I'm sure a bunch of you got similar notifications this morning that $BIGNUM accounts at your domain were impacted by the April 2018 Chegg Data breach. We are looking at how we want to address this, as I'm sure that many students use the same password everywhere. have any of you decided how you are going to address this? Are you notifying impacted users? Are you requiring a password reset for campus systems? Thank You Frank -- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
-- David Seidl Vice President for Information Technology and CIO Miami University 306 Hoyt Hall Oxford, OH 45056 seidlda () miamioh edu 513-529-8338 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Chegg Data Breach notification (Thanks to HIBP) Frank Barton (Aug 16)
- Re: Chegg Data Breach notification (Thanks to HIBP) Seidl, David (Aug 16)
- Re: Chegg Data Breach notification (Thanks to HIBP) Ken Connelly (Aug 16)
- Re: Chegg Data Breach notification (Thanks to HIBP) Blake M Bourgeois (Aug 16)
- Re: Chegg Data Breach notification (Thanks to HIBP) John McCabe (Sep 24)
- Re: Chegg Data Breach notification (Thanks to HIBP) Manjak, Martin (Sep 24)
- Re: Chegg Data Breach notification (Thanks to HIBP) Barton, Robert W. (Sep 24)
- Re: Chegg Data Breach notification (Thanks to HIBP) Matt Armstrong (Sep 24)
- <Possible follow-ups>
- Re: Chegg Data Breach notification (Thanks to HIBP) Joseph Tam (Aug 16)
- Re: Chegg Data Breach notification (Thanks to HIBP) Frank Barton (Sep 23)
- Re: Chegg Data Breach notification (Thanks to HIBP) Garrett McManaway (Sep 23)
- Re: [EXTERNAL] Re: [SECURITY] Chegg Data Breach notification (Thanks to HIBP) Zachary Yamada (Sep 23)
- Re: Chegg Data Breach notification (Thanks to HIBP) Frank Barton (Sep 23)