Several portions of the University’s information technology systems were illegally accessed by “sophisticated attackers originating in China” earlier this year, Executive Vice President and Chief Operating Officer Patrick Hogan said in an email Friday to members of the University community.
The University first became aware of a possible breach when notified by federal authorities and later confirmed the attack on June 11. With the services of international cybersecurity firm Mandiant and federal authorities, the University concluded in its investigation no personal information was accessed.
“Our forensic investigation has indicated that no personally identifiable information — such as Social Security numbers and banking information — or personal health information was accessed,” Hogan said in the email. “There is also no evidence that sensitive research material was accessed.”
Hogan explained the significance of the breach saying personal data and information are a “high priority.”
In response to the breach, a system security update began at 5:00 p.m. ET and was completed Sunday. All users of the University system will be required to change their Eservices login passwords after the system upgrade is finished. Hogan noted the University Medical Center will not be affected during the system upgrade as it’s information was on a separate system not targeted in the attack.
“We thank the members of the University community for their patience as systems were being upgraded,” Hogan said. “The security of your information and other data stored on University systems is of the utmost importance, and our dedicated teams of professionals will remain vigilant in protecting the University’s information technology infrastructure.”
The University did not immediately respond to requests for comment.