The University of Northern Colorado’s Information Management & Technology department notified students on Monday about the containment of a recently discovered security threat.
According to an email from Chief Information Officer Bret Naber, there has been “unauthorized activity” on UNC’s Ursa portal. Twelve university employees’ social security numbers were used by an unknown person or group to access their individual Ursa accounts and download their W2 forms, which are “targeted by criminals for filing fraudulent tax returns.”
According to Naber, UNC believes the social security numbers were obtained somewhere outside of the university and that the 12 specific employees were the only ones affected. Each of the affected individuals were contacted as soon as the IM&T department established that their accounts had been compromised. Thus far no student Ursa accounts have been accessed in this manner.
The situation has since been left to law enforcement officers and a criminal investigation has been launched. As a result, the university will require all students to change their Ursa passwords after Feb. 28. Naber also advised students to not only change their passwords ahead of the deadline, but to also monitor their Ursa accounts and contact the Technical Support Center if there are any unauthorized changes. UNC’s resource guide to cybersecurity can be found on the school’s website.
UNC’s Resource Guide: http://www.unco.edu/cybersecurity/faculty-and-staff-resources/identity-theft.aspx
Technical Support Center: 970-351-4357