Earlier this year the North Dakota University System reported a massive security breach which exposed hundreds of thousands of student and faculty records. The breach was on-going for months before the university system detected it.
Last month three NDUS employees were let go over the issue.
Now it appears as though there’s been a second breach, this time at North Dakota State University specifically. I don’t believe the breach has been announced publicly yet, but next week’s meeting of the Legislature’s Budget Section just got an updated agenda today which includes this item:
So there was an attack, and unauthorized access.
There aren’t a lot of details as yet in terms of the duration of the breach and the data accessed, but from what I’ve gleaned from sources in the Legislature it appears as though payroll data was accessed.
This comes at an interesting time. Rep. Roscoe Streyle, a Republican from Minot, wrote for SAB recently about NDSU President Dean Bresciani requesting that NDSU be exempted from Intrusion Prevention and Intrusion Detection Systems. Bresciani has a fantastically acrimonious relationship with the university system office over IT issues dating back to allegations (never substantiated, but never disproved either) that he deleted tens of thousands of emails instead of turning them over to a Legislative inquiry.
When Bresciani hasn’t been fighting to exempt his institution’s networks from state-run intrusion protection, he’s been waging a war on unifying the university system’s email accounts.
We don’t know yet what, if any, role Bresciani’s rancor on IT issues had to play with this latest breach, but it’s safe to say that there isn’t a lot of trust between state and university system IT officials and Bresciani’s administration.