UA data breach appears to target tax info
A data breach at the University of Alaska has affected dozens of current and former employees and students according to university officials, who say action is being taken on the matter.
According to a UA statement, word first reached security officials when users started reporting “an inability to access their password-protected Alaska.edu accounts.” Services affected by the outage included Blackboard Learn, Google mail and UAOnline.
A total of 50 people’s accounts have been affected by the breach, which is being investigated by the university system’s Office of Information Technology, along with IT and security teams at UA campuses. According to their investigation, “user passwords had been changed by a third party.”
“The hackers had access to personal information through social media and other sources, which allowed them to answer security questions in the UA self-service password reset tool,” UA officials wrote. “Since these users had chosen to not provide any custom security questions, the hackers were able to use the tool to change passwords.”
The issue in the password reset system has fixed “to prevent future compromises,” according to the UA statement.
One fraudulent income tax return has already been reported to investigators, leading them to suspect employees’ W-2 tax form information had been targeted.
All users of UA’s system will have to provide custom security questions in its online password-reset tool, as IT officials examine password logs for suspicious activity and check whether financial aid data has been compromised.
“Those who were affected will be offered reimbursement insurance coverage in the event their data is fraudulently used and they suffer a loss,” UA officials wrote. “The university is working directly with affected employees to offer any assistance should they need it.”
A UA spokesperson says the university's systems are under attack by hackers all of the time, and that officials are continuously monitoring them.
Anyone with security concerns about their UA account is asked to contact Kathleen Boyle, the system’s chief IT security officer, at 907-474-7404 or by email.
Kathleen Boyle, Chief Security Officer, Office of Information Technology, University of Alaska at (907) 474-7404 or firstname.lastname@example.org.
Cassie Schirm contributed information to this story.
Copyright 2018 KTVA. All rights reserved.