The University of Memphis has become the victim of its second cyber attack in six months, according to an email sent to faculty and staff from the university’s Chief Information Officer (CIO), Robert Jackson.
According to the email, IT security discovered a “sophisticated cyberattack against the University” on Feb. 16.
“The perpetrators have infiltrated some parts of our infrastructure. ITS is working diligently with external resources to contain the incident and to ensure appropriate remediation of the incident,” Jackson said in the email.
He also wrote that the ITS response to the incident could cause certain portions of the infrastructure – like network connectivity, workstations and service availability – to be disrupted.
This is the second cyber attack in six months that the university has been hit with.
On Oct. 30, 2020, the university received a report that a faculty email had been accessed by someone without proper authorization.
Law enforcement was contacted, and an investigation was launched on Nov. 4. The investigation concluded that sensitive information relating to faculty and staff was contained in the email and was accessible to the attacker.
Although the university discovered the attack on Oct. 30, the investigation found that the attacker had access to the account for an entire week starting on Oct. 23.
This information included names, addresses, phone numbers and social security numbers of the staff and faculty members included in the email. The information was also unencrypted, which the university’s data security policy warns against.
“Restricted University data must be protected against physical theft or loss, electronic invasion, or unintentional exposure through a variety of personal or technical means,” the policy states.
The university’s web page dedicated to answering questions related to the attack states that there were “certain faculty and staff whose information was sent in the email attachment.” Those who were affected were sent a notification stating that they were affected and were given steps to protect their information.
Although the site does not provide information on how many faculty and staff members were affected, the Daily Helmsman discovered that faculty members of the Department of Journalism and Strategic Media were affected, including its department chair, Dr. David Arant.
IT services began notifying faculty on Dec. 4, 2020, nearly one month after the attack occurred.
Affected faculty and staff were encouraged to enroll with credit monitoring companies and request that credit reporting companies place a freeze on their accounts, Arant said.
The attack also came nearly one year after the university began requiring faculty and staff to link their email accounts to DUO, the multi-factor authentication service that is supposed to prevent
unauthorized access to university email accounts and reduce the number of spam emails received.
DUO is an account protection service that provides an extra layer of protection by requiring users to link their accounts to their phone where they receive an alert that they can either accept or deny to gain access.
The school put the system in place for faculty in the fall of 2019, one professor said.
As students began receiving more and more spam emails, the school also began requiring students to register with the service on Jan. 25 or risk losing access to their accounts.
Jackson’s email to faculty regarding the most recent attack stated that he does not anticipate the attack to cause any disruption to the educational curriculum or its services at this time.
“Immediate steps were taken to limit and contain the incident including implementing additional security controls, requiring VPN access for additional resources, deploying additional monitoring software and containing devices related to the incident,” Jackson said in the email.
Further updates will be provided as the situation develops.
The UofM attempted to mitigate any future cyber attacks through the use of DUO, a dual authentication software.