14 DAY TRIAL // Unauthorized activity on a couple computer networks at Harvard University was tracked recently, causing the administration of the institution to issue a public alert and urge several affiliates to change account passwords.
The intrusion was discovered on June 19 and affected the networks of the Faculty of Arts and Sciences and Central Administration. At the moment, the identity of the perpetrator remains unknown, just like the purpose of the illegal action.
Computer logins and email passwords need to be changed
In a notification disclosing the security incident, Provost Alan Garber and executive vice president Katie Lapp say that there is no evidence that personal information, research data or PIN System credentials have been exposed.
However, the attacker(s) may have stolen usernames and passwords for accessing individual computers as well as email accounts from the University.
Anyone from the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study or the Central Administration should change the password used for logging into the computer and the one for the email account.
Those that are part of the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health are urged to set up a new password for their Office 365 or Icemail accounts.
Third party experts called in for security upgrade advice
Harvard does not work alone to address the issue and has contracted the services of external information security experts. Federal law enforcement has also been alerted of the incident and initiated an investigation.
As a consequence of the breach, the university started a process to improve the security of its computer systems. Garber informs that applying the new standards will require users to change their passwords once more.
It is unclear how the hacker managed to gain access to the systems, but one possible attack vector is phishing. The university advises its email users to be wary and not respond to messages or phone calls asking for account information or any type of sensitive details.