Iowa State University says someone hacked into the servers of 5 departments containing information on nearly 30,000 students enrolled between 1995 and 2012. I.S.U. Provost Jonathan Wickert says the hackers had a specific purpose, and it was not to steal student identities. “They uploaded a type of software that used to produce something called Bitcoin. Bitcoin is a type of digital or electronic currency — digital money if you will,” Wickert explains.
He says the goal was to harness the computer power of the school to generate the electronic money. “What they wanted to do was hijack several computers and have multiple computers running this software to be able to produce the currency faster,” Wickert says. While the student information was on the computers, Wickert says they don’t believe it was compromised. “We have not reports of identity theft having occurred — but out of an abundance of caution because we did have class lists stored on several of these machines — we’re taking the step and notifying all the current and former students,” Wickert says.
The university is also offering to pay for credit monitoring for those students. The Social Security numbers included those of some students who took a class in: Computer science (1995-2005); World languages and cultures (2004, 2007, 2011-2012) and Materials science and engineering (one class only in ENGR101 in fall 2001 and MATE214 in spring 2001).
Wickert says the battle against computer hackers is an ongoing issue for the I.S.U., just like it is for many other organizations. “Our I-T staff here at the university defense us every day against literally dozens of hacking attacks,” Wickert says. He says this is an unfortunate case where the hackers got through the system.
Wickert says they have learned from this attack. “We’ve already taken some very proactive steps to decommission and actually destroy the computers that were affected,” Wickert says. “And over the next weeks and months you’re going to see us roll out a multi-point plan to further increase computer security on campus.” He says the measures will include strengthening password standards, encrypting all of the university laptop computers, and a software program to identify computers that store student information to ensure that it is safely stored.