The IT department asked students to change their passwords earlier this month in response to a system intrusion.
According to Marlyn Smith, vice president of Mason’s information technology unit, the intrusion compromised about 4,400 social security numbers. The intrusion affected mostly mostly faculty and staff, but some students were also affected.
“We detected an intrusion in our system in the mid July time frame [and we] hired some experts to look into the intrusion,” Smith said.
The social security numbers were on Mason’s travel request system, which is used for reimbursements when someone travels at the university’s expense. All of the numbers affected were old, because Mason no longer uses social security numbers in the system, so no information was lost or “leaked.” Those affected were asked to change their passwords when it occurred.
“To our knowledge, our external forensics experts found no evidence of data loss,” Smith said.
Smith says that the social security numbers were found on a database in the area, but the numbers were removed immediately. Those affected were given access to a credit monitoring service for one year to make sure the intrusion did not have an impact on their credit or other financial information.
“We were just being extra cautious,” Smith said.
This is not the first time such an intrusion has happened at Mason or at other universities. This intrusion is known as phishing, where intruders attempt to gain personal information by posing as a trustworthy contact. Victims are often contacted via email by the intruder.
“There were several people that responded to phishing attempts,” Smith said. “There were a few people, [where] what can happen is their direct deposit can be changed and their pay rerouted.”
According to Smith, the IT unit caught the phishing intrusion immediately and were able to reimburse those affected.