VA: Security Incident Involving James Madison University Network
December 18, 2014
James Madison University is committed to protecting the confidentiality and security of the information entrusted to us. This notice contains important information regarding a recent security incident involving JMU’s network.
Since October, JMU Information Technology, along with law enforcement and outside security consultants, has been investigating an incident of unauthorized access to JMU technology resources. During this time, IT, with guidance from security consultants, took significant steps to further identify and contain this unauthorized activity and prevent greater risk to the university community. Affected servers associated with the UREC, Parking, Orientation OneBook and CFI Workshop Registration systems were rebuilt as well. This work culminated in the December 17 network and data center maintenance you experienced. Simultaneously included were initial measures to further strengthen our network security and more proactively defend against the constant and increasingly sophisticated threats JMU and other universities across the nation face.
To complete the immediate work and help further assure adequate protection going forward, we need the help of our entire JMU user community. All faculty, staff, students and affiliates must change their e-ID passwords as follows:
From on-campus wired connections, logon to your desktop/laptop using your current e-ID password and go immediately to MyMadison to complete the password change process. (Avoid multiple desktop logins without completing the password change as this may generate lockout conditions).
In either case, after completing your password change, please be patient and allow time for this change to propagate to other systems before trying the new password elsewhere.
For password-related problems or other recovery assistance, contact the HelpDesk at 540-568-3555 or [email protected].
Regrettably, on December 11, the investigation showed evidence that an electronic file containing information including name, address, SSN, date of birth, phone number, health insurance subscriber identification number and other information for approximately 2,800 current and former employees was accessed during the incident. These individuals will be mailed a letter with additional information and instructions in the upcoming week. The notification will provide further details and describe how these individuals can take advantage of the complimentary one-year Experian® ProtectMyID® identity theft protection service JMU will offer. At this time we have no evidence that this information has been used in any way. However, JMU has established a dedicated call center for individuals with questions related to the notification at 877-841-8158 beginning at 10 a.m. today, Thursday, December 18 and from 9 a.m. to 9 p.m. Monday through Friday thereafter.
Erin Flynn provides media coverage on The Breeze.