Main Nav

As of 2/19/13

In February 2013, EDUCAUSE discovered a security breach involving an EDUCAUSE server. Below are answers to questions about this breach.
 

Who was affected and what data was involved?

  1. Individuals with an EDUCAUSE website profile

    1. Any information contained in individual EDUCAUSE website profiles (e.g., name, title, e-mail address, username, and hashed password) may have been compromised. As a result, individuals with an EDUCAUSE website profile must change their password.
    2. It is not necessary for InCommon account holders to update their institutional credentials because EDUCAUSE does not have access to, or store on any server, InCommon account information.

       

  2. .edu domain accounts

    1. The breach may have compromised the hashed passwords of .edu domain holders. As a result, the designated administrative, technical, or billing contact must change the domain password. Administrative and technical contacts have already been notified by EDUCAUSE.


As a precaution, all passwords have already been deactivated; therefore, individuals do not need to create new passwords immediately.

Members and individuals who do not have an EDUCAUSE website profile or are not a .edu domain holder are not required to take action.
 

Who was notified?

Individuals with active EDUCAUSE website profiles and administrative and technical contacts for .edu domain accounts were notified via e-mail on Tuesday, February 19. The e-mail notice was sent through our mass e-mail marketing software (Informz). Links within the e-mail are redirected through this marketing product.

Because e-mail delivery isn’t always guaranteed, EDUCAUSE also posted messages in social media, on its website, in several constituent and discussion groups, and on the .edu website.

Members and individuals who do not have an EDUCAUSE website profile or are not a .edu domain holder were not notified because they do not need to take any action. This includes individuals who subscribe exclusively to our constituent and discussion groups. Prior to June 8, 2012, subscribers to EDUCAUSE groups were not required to have a profile; therefore, many individuals who only use this service are not affected.
 

Was any sensitive personal or financial information accessed?

Based on our investigation to date, we do not believe that any sensitive personal or financial information has been accessed.
 

What steps has EDUCAUSE taken to prevent similar security breaches in the future?

EDUCAUSE took immediate steps to contain this breach and is working with Federal law enforcement, investigators, and security experts to make sure this incident is properly addressed.

Along with outside security experts, EDUCAUSE has implemented additional security measures to help prevent this type of breach in the future.

As a precaution, all passwords have been deactivated. Individuals with EDUCAUSE website profiles and .edu domain holders are being asked to create a new password.
 

How do I create a new password?

  1. Individuals with an EDUCAUSE website profile:

    We request that you create a new profile password.

    Please do not use your old password. You should create a new password that is 8 or more characters and is made up of a combination of

    • at least one uppercase letter,
    • at least one lowercase letter,
    • at least one digit, and
    • at least one special character.


    If you have changed your profile password after 1:15 pm EST, February 19, 2013, you do not need to change your password again.
     

  2. .edu domain account holders:

    We request that you create a new domain password.

    Please do not use your old password. You should create a new password that is 8 or more characters and is made up of a combination of

    • at least one uppercase letter,
    • at least one lowercase letter,
    • at least one digit, and
    • at least one special character.


    If you have changed your .edu password after 2:00 p.m. EST, February 15, 2013, you do not need to change your password again.
     

Who should be contacted with questions regarding this matter?

For help with EDUCAUSE website profile password changes, please contact EDUCAUSE Member Services at info@educause.edu or +1-303-449-4430.

For help with .edu domain password changes, please contact EDUCAUSE Member Services at edu@educause.edu or +1-303-449-4805.

For media inquiries, please contact Pete Boyle, Senior Vice President for Lipman Hearne, at pboyle@lipmanhearne.com or +1-202-536-8088.

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.