Dear Kent State University Students, Faculty and Staff,
As previously noted by Kent State’s Office of Security and Access Management during National Cybersecurity Awareness Month in October, there has been an increase in fraudulent scams and attempts by cybercriminals to access private data nationwide.
Protecting your data is a top priority. The university would like to inform you of a recent data breach and remind you to be diligent in protecting your own personal information.
SolarWinds Data Breach
On Dec. 14, Kent State was made aware of the SolarWinds breach where a patch released by SolarWinds in March 2020 included malware. Patching is a normal process where trusted vendors provide software upgrades for installation in our environment. The software upgrades include configuration changes, security enhancements and bug fixes to its software. This compromised patch was distributed by SolarWinds to thousands of SolarWinds customers, including many prominent schools, private organizations and government agencies. Kent State can confirm that the original malware was found on a small number of SolarWinds servers and that this malware did communicate low-level, nonsensitive information to these external servers.
At this time, there is no evidence that indicates the hackers used this back door to access the Kent State network. Working in conjunction with industry experts, Kent State has taken necessary industry reasonable steps to address further attempts at compromise. The team has not observed any further unauthorized access to Kent State systems or sensitive data, and this issue did not impact the delivery of classes to our students.
Avoiding Phishing Attacks and Scams
Some scams are perpetuated through phishing emails and caller ID spoofing. In these two examples, either the sender’s email or the calling number may appear to be legitimate and possibly from people in a position of authority. The senders or callers usually request money, gift cards, financial account information or personal identifying information from the recipient. The requests will typically be made through some type of threat to your status, for example, if you do not provide what is requested, your student or employment status will be in jeopardy or you may be subject to criminal action.
If any member of Kent State receives a communication eliciting this type of information, please verify the identity of the requester and legitimacy of the request. Do not immediately act on the request. Do not reply to the questionable communication or click any links. If it is a call, end it. You can contact the university department directly for verification, or you can contact your local police agency. Review additional information about how to avoid phishing attacks and scams.
Protecting Your Data
Kent State takes the security of our students, faculty and staff very seriously and continues to work daily to maintain the confidentiality, integrity and availability of our Kent State digital environment.
To learn more about how to protect yourself no matter where you are, go to SecureIT for tip sheets on better cybersecurity for your work and home environment.
For questions, email security@kent.edu or call 330-672-5566.