Data Security | News

Arizona State Hack Brings Online Activities to a Halt

• By Dian Schaffhauser
• 02/01/12

Arizona State University shut down all of its Web services for about two days during January to address a security breach. That included shutting down online classes for the duration of the outage, shuttering the university's job application site, and closing its online application service.

According to reporting in student newspaper, the State Press, the university discovered that an unknown person had downloaded an encrypted file that contained the user names and passwords of everybody possessing an ASUrite account. The Arizona State University Rational Information Technology Environment is the primary login for the university's computing services. Jan. 18, in response to the breach, the school temporarily closed both its Web site and its portal, MyASU.

Late Jan. 19 services were restored, and the university announced a forced password reset for all users. That in turn led to additional delays in users gaining access to their online services when the system handling password resets couldn't keep up with demand. That password reset required users to enter their last known password, as well as the last four digits from their Social Security number and date of birth.

To accommodate password resets for tens of thousands of users, the university tried a staged approach to bring users back online. It started first with students, faculty, and staff and followed that several days later with alumni and retirees. It also provided help for password resets at walk-up locations on its multiple campuses and at help desk operations.

According to news accounts, the university has determined that no personal data or financial information was accessed by the hacker.

Arizona State is working with law enforcement agencies, both local and federal, to identify the person responsible for the theft.