Campus security breach leaves students asking questions

In an internet security breach at the University of Rhode Island this August an unknown party, that was neither a university student nor employee, found out the passwords to the uri.edu email accounts of around 3,000 students.

An overwhelming majority of the email accounts affected, 97 percent, belong to women. Around 1,200 of those accounts belong to graduates and 1,100 to incoming students. The hackers were able to gain access to correspondence both to and from the uri.edu email address. It is believed that no social security numbers or financial information was directly compromised.

However, if students use their uri.edu emails to apply for student loans and financial aid, it would be best to change those account passwords as well. There is also potential that usernames and passwords for social media sites such as Facebook were stolen too. It is highly recommended that students who have not changed their passwords do so to protect confidentiality. If you have other accounts linked to your school email, it is recommended those passwords be changed as well.

For those who were directly affected, URI has sent an email regarding the breach to all uri.edu accounts and any backup emails provided. Victims also will have been sent a letter in the mail to their last permanent address on file.

URI has reported the incident to the attorney general’s office and campus police, however the hacker is still unknown and at large. If caught, the perpetrator could face fines exceeding $1,000 and even get sentenced to time in prison.

“[URI email users should] definitely use a minimum of eight characters when changing your password,” said Michael Khalfayan, associate director of URI’s information security department. “This should include upper and lowercase letters as well as numbers and special characters. Use a different password for every account to keep them separate.”

On a related note, Khalfayan also wants to let students know to look out for phishing emails, and any emails requesting personal information. It is also best to avoid using any pet names since they are some of the most commonly used passwords.

For more information, please visit web.uri.edu/publicsafety/data-security-issue or contact the URI Information Security Department here at security.uri.edu/.

Leave a Reply