oit new release
DESCRIPTION
OIT New ReleaseTRANSCRIPT
more
News Release
Southern Methodist University Office of Information Technology
6425 Boaz Lane
Dallas, TX 75205 USA
Contact: Shayan Gaziani
(469) 547-7426 cell / [email protected]
FOR IMMEDIATE RELEASE
Information Security team at Southern Methodist University explains recent cyberattack and
provides a course of action.
DALLAS (March 24, 2015) – The Information Security team (IST) at Southern
Methodist University (SMU) recently announced an unprecedented data breach during spring
break. The attack originated from an unknown location and was focused on accessing
confidential records from The George W. Bush Presidential Library and Museum (GPLM). The
hackers were unable to penetrate the GPLM firewall, and thus focused their efforts on SMU and
were successful. Students, faculty and staff are raising concerns regarding data safety, integrity
and Family Educational Rights and Privacy Act (FERPA) compliance.
IST was made aware of the attack on the morning of Monday, March 9, 2015.
“My personal email was flooded with reports of SMU’s website being offline, webmail
not functioning and PerunaNet redirecting users to an offshore IP address,” George Finney,
director of IST, recalls. “All of our firewalls were down – the only pieces of data still protected
were ones already encrypted with passwords and other security measures.”
Gaziani
SMU Data Breach
Page 2
###
IST personnel quickly shut down SMU’s intranet to prevent data from leaking out and to
preserve evidence of the attack, including any revelatory clues regarding the origins of the
breach. After convening SMU’s IT Advisory Council, Finney and SMU’s Chief Information
Officer Joe Gargiulo enlisted the support of Mandiant Security Consulting Services, a subsidiary
of FireEye, Inc. (FEYE) Milpitas, California, to determine the extent of the breach and uncover
the perpetrators. According to Mandiant’s report, traces of the attack seem to have originated
from an infected, personal laptop connected to SMU’s wired network. IST did not release any
identifying information.
“Thankfully, no records or other confidential items were stolen,” Finney explained, “only
devices that were connected to our network were affected, and we’re working on releasing
complimentary antimalware and restoration services.”
In an internal memo sent to students and parents, SMU President R. Gerald Turner
assured that despite the gravity of the attacks, SMU was able to prevent student data loss and
thus “reassure SMU’s commitment to securing student data and complying with FERPA
regulations.”
This breach resonated with the SMU community as not only being the first, but also as
possibly being politically oriented. Nevertheless, Finney has instructed IST to perform an
upgrade of all network hubs and to implement Mandiant’s proprietary monitoring service to
ensure future data integrity. He assures the SMU community that this was an isolated incident
and steps will be taken to prevent future incidents.
SMU is a nationally ranked private university in Dallas founded 100 years ago. On
campus, seven degree-granting schools provide unparalleled academic opportunities with
international connections. For more information, please visit www.smu.edu.