more

News Release

Southern Methodist University Office of Information Technology

6425 Boaz Lane

Dallas, TX 75205 USA

Contact: Shayan Gaziani

(469) 547-7426 cell / sgaziani@smu.edu

FOR IMMEDIATE RELEASE

Information Security team at Southern Methodist University explains recent cyberattack and

provides a course of action.

DALLAS (March 24, 2015) – The Information Security team (IST) at Southern

Methodist University (SMU) recently announced an unprecedented data breach during spring

break. The attack originated from an unknown location and was focused on accessing

confidential records from The George W. Bush Presidential Library and Museum (GPLM). The

hackers were unable to penetrate the GPLM firewall, and thus focused their efforts on SMU and

were successful. Students, faculty and staff are raising concerns regarding data safety, integrity

and Family Educational Rights and Privacy Act (FERPA) compliance.

IST was made aware of the attack on the morning of Monday, March 9, 2015.

“My personal email was flooded with reports of SMU’s website being offline, webmail

not functioning and PerunaNet redirecting users to an offshore IP address,” George Finney,

director of IST, recalls. “All of our firewalls were down – the only pieces of data still protected

were ones already encrypted with passwords and other security measures.”

Gaziani

SMU Data Breach

Page 2

###

IST personnel quickly shut down SMU’s intranet to prevent data from leaking out and to

preserve evidence of the attack, including any revelatory clues regarding the origins of the

breach. After convening SMU’s IT Advisory Council, Finney and SMU’s Chief Information

Officer Joe Gargiulo enlisted the support of Mandiant Security Consulting Services, a subsidiary

of FireEye, Inc. (FEYE) Milpitas, California, to determine the extent of the breach and uncover

the perpetrators. According to Mandiant’s report, traces of the attack seem to have originated

from an infected, personal laptop connected to SMU’s wired network. IST did not release any

identifying information.

“Thankfully, no records or other confidential items were stolen,” Finney explained, “only

devices that were connected to our network were affected, and we’re working on releasing

complimentary antimalware and restoration services.”

In an internal memo sent to students and parents, SMU President R. Gerald Turner

assured that despite the gravity of the attacks, SMU was able to prevent student data loss and

thus “reassure SMU’s commitment to securing student data and complying with FERPA

regulations.”

This breach resonated with the SMU community as not only being the first, but also as

possibly being politically oriented. Nevertheless, Finney has instructed IST to perform an

upgrade of all network hubs and to implement Mandiant’s proprietary monitoring service to

ensure future data integrity. He assures the SMU community that this was an isolated incident

and steps will be taken to prevent future incidents.

SMU is a nationally ranked private university in Dallas founded 100 years ago. On

campus, seven degree-granting schools provide unparalleled academic opportunities with

international connections. For more information, please visit www.smu.edu.