U Nebraska Breach Could Hit 654,000 Student Records

  • By Dian Schaffhauser
  • 05/30/12

An Oracle PeopleSoft-based student information system in place since 2010 has been breached at the University of Nebraska Lincoln. The hacked database contains personal records for students, alumni and applicants of the university's four campuses. According to some media reports, the database contains 654,000 records going back to 1985. However, currently, the university is especially concerned about the data for 30,000 people who specifically had banking information stored in the system.

According to a question-and-answer page on a new security Web page created by the university, a Computing Services Network staff member discovered on May 25, 2012, Friday, that somebody had gained access to the student system. "This was a sophisticated and skilled attack on our system that was discovered and shut down within hours of its discovery," the FAQ stated. It didn't provide details about how the breach occurred.

That particular database contains records for students, parents, employees, alumni, and applicants, for managing admissions, housing, and course registration. It holds Social Security numbers, addresses, transcripts, grades, and other student data, as well as personal and financial information of parents of students who had applied for financial aid and university staff members. However, the database contains no credit card information.

U Nebraska sent a letter to those whose financial information is vulnerable, advising them to monitor their financial accounts "closely in the coming weeks" and to report suspicious activities to their banks. The same letter also suggested they place a fraud alert on their credit files. The university hasn't offered to pay to provide that service free to those who could be affected.

So far, said Information Security Officer Joshua Mauk, there has been "no clear evidence" that anybody's personal information was actually downloaded. Nor have there been any reports of identity theft related to the breach.

Technical staff have been working "around the clock," Mauk said, to identify other individuals who may be at increased risk. "It is our responsibility to continue to notify those potentially impacted by this breach as quickly as possible."

According to Mauk, the institution is working with law enforcement to establish the extent of the breach. The university has also has hired a firm specializing in data breaches to assist in a forensics investigation.

The university recommended that anybody whose information could be contained in the system refer to a Federal Trade Commission Web site offering guidance about identity theft.

The near-$30 million system, based on PeopleSoft Campus Solutions, was set up in 2010 after a multi-year implementation. At the time the selection of PeopleSoft was announced, Nebraska State College System's Chancellor Stan Carpenter said, "We believe that Oracle offers the best combination of functionality, support, and cost-effectiveness, and we are confident that the Campus Solutions system will provide excellent accountability and reliable records management."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • an online form with checkboxes, a shield icon for security, and a lock symbol for privacy, set against a clean, monochromatic background

    Educause HECVAT Vendor Assessment Tool Gets an Upgrade

    Educause has announced HECVAT 4, the latest update to its Higher Education Community Vendor Assessment Toolkit.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.

  • DeepSeek on AWS

    AWS Offers DeepSeek-R1 as Fully Managed Serverless Model, Recommends Guardrails

    Amazon Web Services (AWS) has announced the availability of DeepSeek-R1 as a fully managed serverless AI model, enabling developers to build and deploy it without having to manage the underlying infrastructure.