The University IT Security system noticed “suspicious login[s]” to 2,000 students’ “University email accounts” on the 16th of September and responded to this data breach by changing the passwords of the “compromised” accounts. The Data Protection Commission (DPC) confirmed that they had been notified of the breach and will assist in the assessment of the ongoing investigation.
UCD IT Services have told The College Tribune that “on the 16 September it was confirmed with a number of students that their accounts had been breached, leading [us] to believe that accounts with similar login activity were potentially breached. An investigation was initiated and further potential breaches identified. Passwords for all accounts identified as potentially breached have been changed.” Students became aware of “suspicious logins to [their] University email accounts” via an email issued by UCD IT Services on the 17th and 18th of September.
It has been confirmed that approximately “two thousand student accounts were identified as having suspicious activity.” IT Services commented that “these are potential breaches rather than confirmed breaches”. IT Services has also stated that “It has not yet been determined how the students’ email accounts were compromised” and that “University passwords are protected with multiple security measures including password hashing”.
It is understood that the incident is being dealt with seriously and the University Management Team (UMT) has been involved. The Data Protection Commissioner has been notified and has stated to The College Tribune that “a number of questions have been issued to UCD to assist in fully assessing the notification” of the breach.
Some students noticed issues with their UCD Connect accounts three weeks prior to receiving the email from UCD letting them know that their accounts had been compromised. Following the initial email, IT Services followed with more information on the issue, saying that the “cause of the breach is not yet known” and that “UCD has employed an external security consultancy company to help investigate the incident”.
Students were advised to change their UCD Connect account password “immediately” and to consult the IT Services Compromised Account webpage. Students have told The College Tribune that the “password reset facility was not working”. IT Services stated that “any student who contacted us should now have access to their accounts”. Students affected were unable to access Brightspace, SISWeb and UCD affiliated Gmail accounts leading to missed lectures and various University-related updates at the beginning of this week.
The College Tribune has received confirmation from IT Services that the “assistance of an external security company to assist with the investigation” has been engaged. Currently, the IT Incident Response Team, led by the Chief Information Officer, is meeting daily to review progress. However, the team is “unable to say when this investigation will be concluded” and that “all root causes including phishing, malware and browser plugins on devices are still being considered”.
IT Services has stated that “no further suspicious activity has been identified since then relating to this matter”.
Mahnoor Choudhry – Deputy News Editor