No administrator accounts compromised during ‘phishing attack’
Megan Valley | Friday, February 10, 2017
A spam email that appeared to be sent from provost Thomas Burish’s account Tuesday morning was sent to more than 2,000 faculty, staff and students, Jason Williams, director of information security at the Office of Information Technologies (OIT), said in an email.
“We have not yet determined how or where the perpetrator obtained the email list, but it’s safe to assume that it was compiled from public sources such as Notre Dame websites or public email lists,” he said. “The list of constituents is far too random to be from only one source.”
Williams said the email was a common hacking technique called a “phishing email,” and that there was “no indication that the person who sent the email had any ties to the University.”
“From what we have heard from our peers, we are one of a number of universities that were targeted by this phishing email,” Williams said.
No administrator accounts were compromised during the “phishing attack” and Williams said that unless a student responded to the email and had not yet enrolled in two-step login, it was “not likely” that any student information was compromised.
“The OIT information security team is in the process of contacting people who responded to the phish and recommending that they reset their password to keep their information safe,” Williams said.