The Rankin Student Center at Ferris State University in Big Rapids. Courtesy Ferris State University
Ferris State University got hacked.
"Evaded network security"
University officials learned late last month that an unauthorized person “evaded network security and gained access to a server that is used to operate Ferris’ website,” according to an FSU announcement.
The university shut down the compromised server right away and hired a technology forensic firm to stop further access and investigate the situation, said John Urbanick, Ferris’ chief technology officer.
No evidence was revealed during the investigation that the hacker “viewed or removed” any information, and so far, no student has come forward to report any of their information being misused, Urbanick said.
Social and IDs
Ferris sent letters Wednesday to about 39,000 people, because their names and Social Security numbers were in accessible files.
Although no evidence has shown that any credit information was misused, the individuals are being offered one year of free credit monitoring as compensation.
Letters were also mailed to about 19,000 current, former and prospective Ferris students whose campus student identification numbers were available to the hacker. Students may request a change to their campus wide identification number at ferris.edu.
“As a precaution, we’re notifying individuals whose sensitive information was in the files,” Urbanick said. “Ferris recognizes the importance of the privacy and confidentiality of personal information that is provided to us. We will continue to strengthen our security measures to help guard against future attempts of this kind.”
Students and others who have questions about the hack and want to know how to protect their information can call Ferris’ call center, from 9 a.m.-7 p.m., Monday-Friday at 1-877-283-6566.
Ferris officials are meeting at 3 p.m. Friday to deliberate the ongoing investigation into the recent hack and discuss future security concerns for Ferris’ website said, Sandy Gholston, Ferris news services and social media manager.
Gholston said Ferris has been working with Navigant Consulting, a top national computer security firm, to investigate the breach.
He offered no leads on who the culprit might be at this time.
“I don’t think we want to speculate right now, while the investigation is in progress,” Gholston said.
Ferris officials first discovered the hack on July 23 and shut down the server for about five days, Gholston said, adding that students still had access to their emails during this time. The school waited to release more information, because the investigation was ongoing, he said.
Hacking is not abnormal in this era of high-speed technology, he said, adding that Ferris has been hacked and recovered in the past and plans to keep doing what it must to ensure the safety of the information of the college and its students.
“This is a situation that’s not unique to colleges or businesses,” Gholston said. “We did have an incident with a computer that was stolen six years ago, and there were minor incidents along the way.”
Ferris has put up two FAQs regarding the social security numbers and student ID numbers on its website, explaining the situation.